#ifdef LIBSSH2_CRYPTO_C
#include <stdlib.h>
#if MBEDTLS_VERSION_NUMBER < 0x03000000
#define mbedtls_cipher_info_get_key_bitlen(c) (c->key_bitlen)
#define mbedtls_cipher_info_get_iv_size(c) (c->iv_size)
#define mbedtls_rsa_get_len(rsa) (rsa->len)
#define MBEDTLS_PRIVATE(m) m
#endif
static mbedtls_entropy_context _libssh2_mbedtls_entropy;
static mbedtls_ctr_drbg_context _libssh2_mbedtls_ctr_drbg;
void
_libssh2_mbedtls_init(void)
{
int ret;
mbedtls_entropy_init(&_libssh2_mbedtls_entropy);
mbedtls_ctr_drbg_init(&_libssh2_mbedtls_ctr_drbg);
ret = mbedtls_ctr_drbg_seed(&_libssh2_mbedtls_ctr_drbg,
mbedtls_entropy_func,
&_libssh2_mbedtls_entropy, NULL, 0);
if(ret)
mbedtls_ctr_drbg_free(&_libssh2_mbedtls_ctr_drbg);
}
void
_libssh2_mbedtls_free(void)
{
mbedtls_ctr_drbg_free(&_libssh2_mbedtls_ctr_drbg);
mbedtls_entropy_free(&_libssh2_mbedtls_entropy);
}
int
_libssh2_mbedtls_random(unsigned char *buf, size_t len)
{
int ret;
ret = mbedtls_ctr_drbg_random(&_libssh2_mbedtls_ctr_drbg, buf, len);
return ret == 0 ? 0 : -1;
}
static void
_libssh2_mbedtls_safe_free(void *buf, size_t len)
{
if(!buf)
return;
if(len > 0)
_libssh2_explicit_zero(buf, len);
mbedtls_free(buf);
}
int
_libssh2_mbedtls_cipher_init(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
unsigned char *iv,
unsigned char *secret,
int encrypt)
{
const mbedtls_cipher_info_t *cipher_info;
int ret, op;
if(!ctx)
return -1;
op = encrypt == 0 ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
cipher_info = mbedtls_cipher_info_from_type(algo);
if(!cipher_info)
return -1;
mbedtls_cipher_init(ctx);
ret = mbedtls_cipher_setup(ctx, cipher_info);
if(!ret)
ret = mbedtls_cipher_setkey(ctx,
secret,
(int)mbedtls_cipher_info_get_key_bitlen(cipher_info),
op);
if(!ret)
ret = mbedtls_cipher_set_iv(ctx, iv,
mbedtls_cipher_info_get_iv_size(cipher_info));
return ret == 0 ? 0 : -1;
}
int
_libssh2_mbedtls_cipher_crypt(_libssh2_cipher_ctx *ctx,
_libssh2_cipher_type(algo),
int encrypt,
unsigned char *block,
size_t blocklen, int firstlast)
{
int ret;
unsigned char *output;
size_t osize, olen, finish_olen;
(void)encrypt;
(void)algo;
(void)firstlast;
osize = blocklen + mbedtls_cipher_get_block_size(ctx);
output = (unsigned char *)mbedtls_calloc(osize, sizeof(char));
if(output) {
ret = mbedtls_cipher_reset(ctx);
if(!ret)
ret = mbedtls_cipher_update(ctx, block, blocklen, output, &olen);
if(!ret)
ret = mbedtls_cipher_finish(ctx, output + olen, &finish_olen);
if(!ret) {
olen += finish_olen;
memcpy(block, output, olen);
}
_libssh2_mbedtls_safe_free(output, osize);
}
else
ret = -1;
return ret == 0 ? 0 : -1;
}
void
_libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx)
{
mbedtls_cipher_free(ctx);
}
int
_libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
mbedtls_md_type_t mdtype,
const unsigned char *key, size_t keylen)
{
const mbedtls_md_info_t *md_info;
int ret, hmac;
md_info = mbedtls_md_info_from_type(mdtype);
if(!md_info)
return 0;
hmac = key ? 1 : 0;
mbedtls_md_init(ctx);
ret = mbedtls_md_setup(ctx, md_info, hmac);
if(!ret) {
if(hmac)
ret = mbedtls_md_hmac_starts(ctx, key, keylen);
else
ret = mbedtls_md_starts(ctx);
}
return ret == 0 ? 1 : 0;
}
int
_libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash)
{
int ret;
ret = mbedtls_md_finish(ctx, hash);
mbedtls_md_free(ctx);
return ret == 0 ? 1 : 0;
}
int
_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen,
mbedtls_md_type_t mdtype, unsigned char *hash)
{
const mbedtls_md_info_t *md_info;
int ret;
md_info = mbedtls_md_info_from_type(mdtype);
if(!md_info)
return 0;
ret = mbedtls_md(md_info, data, datalen, hash);
return ret == 0 ? 0 : -1;
}
int _libssh2_hmac_ctx_init(libssh2_hmac_ctx *ctx)
{
memset(ctx, 0, sizeof(*ctx));
return 1;
}
#if LIBSSH2_MD5
int _libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx,
void *key, size_t keylen)
{
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_MD5, key, keylen);
}
#endif
#if LIBSSH2_HMAC_RIPEMD
int _libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx,
void *key, size_t keylen)
{
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_RIPEMD160, key, keylen);
}
#endif
int _libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx,
void *key, size_t keylen)
{
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_SHA1, key, keylen);
}
int _libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx,
void *key, size_t keylen)
{
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_SHA256, key, keylen);
}
int _libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx,
void *key, size_t keylen)
{
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_SHA512, key, keylen);
}
int _libssh2_hmac_update(libssh2_hmac_ctx *ctx,
const void *data, size_t datalen)
{
int ret = mbedtls_md_hmac_update(ctx, data, datalen);
return ret == 0 ? 1 : 0;
}
int _libssh2_hmac_final(libssh2_hmac_ctx *ctx, void *data)
{
int ret = mbedtls_md_hmac_finish(ctx, data);
return ret == 0 ? 1 : 0;
}
void _libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx)
{
mbedtls_md_free(ctx);
}
_libssh2_bn *
_libssh2_mbedtls_bignum_init(void)
{
_libssh2_bn *bignum;
bignum = (_libssh2_bn *)mbedtls_calloc(1, sizeof(_libssh2_bn));
if(bignum) {
mbedtls_mpi_init(bignum);
}
return bignum;
}
void
_libssh2_mbedtls_bignum_free(_libssh2_bn *bn)
{
if(bn) {
mbedtls_mpi_free(bn);
mbedtls_free(bn);
}
}
static int
_libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom)
{
size_t len;
int err;
size_t i;
if(!bn || bits <= 0)
return -1;
len = (bits + 7) >> 3;
err = mbedtls_mpi_fill_random(bn, len, mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg);
if(err)
return -1;
for(i = len*8 - 1; (size_t)bits <= i; --i) {
err = mbedtls_mpi_set_bit(bn, i, 0);
if(err)
return -1;
}
if(top >= 0) {
for(i = 0; i <= (size_t)top; ++i) {
err = mbedtls_mpi_set_bit(bn, bits-i-1, 1);
if(err)
return -1;
}
}
if(bottom) {
err = mbedtls_mpi_set_bit(bn, 0, 1);
if(err)
return -1;
}
return 0;
}
int
_libssh2_mbedtls_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata,
unsigned long elen,
const unsigned char *ndata,
unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen)
{
int ret;
libssh2_rsa_ctx *ctx;
ctx = (libssh2_rsa_ctx *) mbedtls_calloc(1, sizeof(libssh2_rsa_ctx));
if(ctx) {
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
mbedtls_rsa_init(ctx);
#else
mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, 0);
#endif
}
else
return -1;
if((ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(E)),
edata, elen)) ||
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(N)),
ndata, nlen))) {
ret = -1;
}
if(!ret) {
ctx->MBEDTLS_PRIVATE(len) =
mbedtls_mpi_size(&(ctx->MBEDTLS_PRIVATE(N)));
}
if(!ret && ddata) {
if((ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(D)),
ddata, dlen)) ||
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(P)),
pdata, plen)) ||
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(Q)),
qdata, qlen)) ||
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(DP)),
e1data, e1len)) ||
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(DQ)),
e2data, e2len)) ||
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(QP)),
coeffdata, coefflen))) {
ret = -1;
}
ret = mbedtls_rsa_check_privkey(ctx);
}
else if(!ret) {
ret = mbedtls_rsa_check_pubkey(ctx);
}
if(ret && ctx) {
_libssh2_mbedtls_rsa_free(ctx);
ctx = NULL;
}
*rsa = ctx;
return ret;
}
int
_libssh2_mbedtls_rsa_new_private(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *filename,
const unsigned char *passphrase)
{
int ret;
mbedtls_pk_context pkey;
mbedtls_rsa_context *pk_rsa;
*rsa = (libssh2_rsa_ctx *) LIBSSH2_ALLOC(session, sizeof(libssh2_rsa_ctx));
if(!*rsa)
return -1;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
mbedtls_rsa_init(*rsa);
#else
mbedtls_rsa_init(*rsa, MBEDTLS_RSA_PKCS_V15, 0);
#endif
mbedtls_pk_init(&pkey);
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg);
#else
ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase);
#endif
if(ret || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) {
mbedtls_pk_free(&pkey);
mbedtls_rsa_free(*rsa);
LIBSSH2_FREE(session, *rsa);
*rsa = NULL;
return -1;
}
pk_rsa = mbedtls_pk_rsa(pkey);
mbedtls_rsa_copy(*rsa, pk_rsa);
mbedtls_pk_free(&pkey);
return 0;
}
int
_libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
const char *filedata,
size_t filedata_len,
unsigned const char *passphrase)
{
int ret;
mbedtls_pk_context pkey;
mbedtls_rsa_context *pk_rsa;
void *filedata_nullterm;
size_t pwd_len;
*rsa = (libssh2_rsa_ctx *) mbedtls_calloc(1, sizeof(libssh2_rsa_ctx));
if(!*rsa)
return -1;
filedata_nullterm = mbedtls_calloc(filedata_len + 1, 1);
if(!filedata_nullterm) {
return -1;
}
memcpy(filedata_nullterm, filedata, filedata_len);
mbedtls_pk_init(&pkey);
pwd_len = passphrase ? strlen((const char *)passphrase) : 0;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata_nullterm,
filedata_len + 1,
passphrase, pwd_len,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg);
#else
ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata_nullterm,
filedata_len + 1,
passphrase, pwd_len);
#endif
_libssh2_mbedtls_safe_free(filedata_nullterm, filedata_len);
if(ret || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) {
mbedtls_pk_free(&pkey);
mbedtls_rsa_free(*rsa);
LIBSSH2_FREE(session, *rsa);
*rsa = NULL;
return -1;
}
pk_rsa = mbedtls_pk_rsa(pkey);
mbedtls_rsa_copy(*rsa, pk_rsa);
mbedtls_pk_free(&pkey);
return 0;
}
int
_libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
size_t hash_len,
const unsigned char *sig,
size_t sig_len,
const unsigned char *m,
size_t m_len)
{
int ret;
int md_type;
unsigned char *hash;
if(sig_len < mbedtls_rsa_get_len(rsactx))
return -1;
hash = malloc(hash_len);
if(!hash)
return -1;
if(hash_len == SHA_DIGEST_LENGTH) {
md_type = MBEDTLS_MD_SHA1;
}
else if(hash_len == SHA256_DIGEST_LENGTH) {
md_type = MBEDTLS_MD_SHA256;
}
else if(hash_len == SHA512_DIGEST_LENGTH) {
md_type = MBEDTLS_MD_SHA512;
}
else{
free(hash);
return -1;
}
ret = _libssh2_mbedtls_hash(m, m_len, md_type, hash);
if(ret) {
free(hash);
return -1;
}
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_rsa_pkcs1_verify(rsactx,
md_type, (unsigned int)hash_len,
hash, sig);
#else
ret = mbedtls_rsa_pkcs1_verify(rsactx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
md_type, (unsigned int)hash_len,
hash, sig);
#endif
free(hash);
return (ret == 0) ? 0 : -1;
}
int
_libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
const unsigned char *sig,
size_t sig_len,
const unsigned char *m,
size_t m_len)
{
return _libssh2_mbedtls_rsa_sha2_verify(rsactx, SHA_DIGEST_LENGTH,
sig, sig_len, m, m_len);
}
int
_libssh2_mbedtls_rsa_sha2_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsa,
const unsigned char *hash,
size_t hash_len,
unsigned char **signature,
size_t *signature_len)
{
int ret;
unsigned char *sig;
size_t sig_len;
int md_type;
sig_len = mbedtls_rsa_get_len(rsa);
sig = LIBSSH2_ALLOC(session, sig_len);
if(!sig) {
return -1;
}
ret = 0;
if(hash_len == SHA_DIGEST_LENGTH) {
md_type = MBEDTLS_MD_SHA1;
}
else if(hash_len == SHA256_DIGEST_LENGTH) {
md_type = MBEDTLS_MD_SHA256;
}
else if(hash_len == SHA512_DIGEST_LENGTH) {
md_type = MBEDTLS_MD_SHA512;
}
else {
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
"Unsupported hash digest length");
ret = -1;
}
if(ret == 0) {
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_rsa_pkcs1_sign(rsa,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg,
md_type, (unsigned int)hash_len,
hash, sig);
#else
ret = mbedtls_rsa_pkcs1_sign(rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE,
md_type, (unsigned int)hash_len,
hash, sig);
#endif
}
if(ret) {
LIBSSH2_FREE(session, sig);
return -1;
}
*signature = sig;
*signature_len = sig_len;
return (ret == 0) ? 0 : -1;
}
int
_libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION * session,
libssh2_rsa_ctx * rsactx,
const unsigned char *hash,
size_t hash_len,
unsigned char **signature,
size_t *signature_len)
{
return _libssh2_mbedtls_rsa_sha2_sign(session, rsactx, hash, hash_len,
signature, signature_len);
}
void
_libssh2_mbedtls_rsa_free(libssh2_rsa_ctx *ctx)
{
mbedtls_rsa_free(ctx);
mbedtls_free(ctx);
}
static unsigned char *
gen_publickey_from_rsa(LIBSSH2_SESSION *session,
mbedtls_rsa_context *rsa,
size_t *keylen)
{
uint32_t e_bytes, n_bytes;
uint32_t len;
unsigned char *key;
unsigned char *p;
e_bytes = (uint32_t)mbedtls_mpi_size(&rsa->MBEDTLS_PRIVATE(E));
n_bytes = (uint32_t)mbedtls_mpi_size(&rsa->MBEDTLS_PRIVATE(N));
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
key = LIBSSH2_ALLOC(session, len);
if(!key) {
return NULL;
}
p = key;
_libssh2_htonu32(p, 7);
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
_libssh2_htonu32(p, e_bytes);
p += 4;
mbedtls_mpi_write_binary(&rsa->MBEDTLS_PRIVATE(E), p, e_bytes);
_libssh2_htonu32(p, n_bytes);
p += 4;
mbedtls_mpi_write_binary(&rsa->MBEDTLS_PRIVATE(N), p, n_bytes);
*keylen = (size_t)(p - key);
return key;
}
static int
_libssh2_mbedtls_pub_priv_key(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
mbedtls_pk_context *pkey)
{
unsigned char *key = NULL, *mth = NULL;
size_t keylen = 0, mthlen = 0;
int ret;
mbedtls_rsa_context *rsa;
if(mbedtls_pk_get_type(pkey) != MBEDTLS_PK_RSA) {
mbedtls_pk_free(pkey);
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Key type not supported");
}
mthlen = 7;
mth = LIBSSH2_ALLOC(session, mthlen);
if(mth) {
memcpy(mth, "ssh-rsa", mthlen);
}
else {
ret = -1;
}
rsa = mbedtls_pk_rsa(*pkey);
key = gen_publickey_from_rsa(session, rsa, &keylen);
if(!key) {
ret = -1;
}
if(ret) {
if(mth)
LIBSSH2_FREE(session, mth);
if(key)
LIBSSH2_FREE(session, key);
}
else {
*method = mth;
*method_len = mthlen;
*pubkeydata = key;
*pubkeydata_len = keylen;
}
return ret;
}
int
_libssh2_mbedtls_pub_priv_keyfile(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
const char *privatekey,
const char *passphrase)
{
mbedtls_pk_context pkey;
char buf[1024];
int ret;
mbedtls_pk_init(&pkey);
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg);
#else
ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase);
#endif
if(ret) {
mbedtls_strerror(ret, (char *)buf, sizeof(buf));
mbedtls_pk_free(&pkey);
return _libssh2_error(session, LIBSSH2_ERROR_FILE, buf);
}
ret = _libssh2_mbedtls_pub_priv_key(session, method, method_len,
pubkeydata, pubkeydata_len, &pkey);
mbedtls_pk_free(&pkey);
return ret;
}
int
_libssh2_mbedtls_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
const char *privatekeydata,
size_t privatekeydata_len,
const char *passphrase)
{
mbedtls_pk_context pkey;
char buf[1024];
int ret;
void *privatekeydata_nullterm;
size_t pwd_len;
privatekeydata_nullterm = mbedtls_calloc(privatekeydata_len + 1, 1);
if(!privatekeydata_nullterm) {
return -1;
}
memcpy(privatekeydata_nullterm, privatekeydata, privatekeydata_len);
mbedtls_pk_init(&pkey);
pwd_len = passphrase ? strlen((const char *)passphrase) : 0;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_pk_parse_key(&pkey,
(unsigned char *)privatekeydata_nullterm,
privatekeydata_len + 1,
(const unsigned char *)passphrase, pwd_len,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg);
#else
ret = mbedtls_pk_parse_key(&pkey,
(unsigned char *)privatekeydata_nullterm,
privatekeydata_len + 1,
(const unsigned char *)passphrase, pwd_len);
#endif
_libssh2_mbedtls_safe_free(privatekeydata_nullterm, privatekeydata_len);
if(ret) {
mbedtls_strerror(ret, (char *)buf, sizeof(buf));
mbedtls_pk_free(&pkey);
return _libssh2_error(session, LIBSSH2_ERROR_FILE, buf);
}
ret = _libssh2_mbedtls_pub_priv_key(session, method, method_len,
pubkeydata, pubkeydata_len, &pkey);
mbedtls_pk_free(&pkey);
return ret;
}
int
_libssh2_mbedtls_sk_pub_keyfilememory(LIBSSH2_SESSION *session,
unsigned char **method,
size_t *method_len,
unsigned char **pubkeydata,
size_t *pubkeydata_len,
int *algorithm,
unsigned char *flags,
const char **application,
const unsigned char **key_handle,
size_t *handle_len,
const char *privatekeydata,
size_t privatekeydata_len,
const char *passphrase)
{
(void)method;
(void)method_len;
(void)pubkeydata;
(void)pubkeydata_len;
(void)algorithm;
(void)flags;
(void)application;
(void)key_handle;
(void)handle_len;
(void)privatekeydata;
(void)privatekeydata_len;
(void)passphrase;
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Unable to extract public SK key from private key file: "
"Method unimplemented in mbedTLS backend");
}
void _libssh2_init_aes_ctr(void)
{
}
void
_libssh2_dh_init(_libssh2_dh_ctx *dhctx)
{
*dhctx = _libssh2_mbedtls_bignum_init();
}
int
_libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
_libssh2_bn *g, _libssh2_bn *p, int group_order)
{
_libssh2_mbedtls_bignum_random(*dhctx, group_order * 8 - 1, 0, -1);
mbedtls_mpi_exp_mod(public, g, *dhctx, p, NULL);
return 0;
}
int
_libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
_libssh2_bn *f, _libssh2_bn *p)
{
mbedtls_mpi_exp_mod(secret, f, *dhctx, p, NULL);
return 0;
}
void
_libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
{
_libssh2_mbedtls_bignum_free(*dhctx);
*dhctx = NULL;
}
#if LIBSSH2_ECDSA
int
_libssh2_mbedtls_ecdsa_create_key(LIBSSH2_SESSION *session,
_libssh2_ec_key **privkey,
unsigned char **pubkey_oct,
size_t *pubkey_oct_len,
libssh2_curve_type curve)
{
size_t plen = 0;
*privkey = LIBSSH2_ALLOC(session, sizeof(mbedtls_ecp_keypair));
if(!*privkey)
goto failed;
mbedtls_ecdsa_init(*privkey);
if(mbedtls_ecdsa_genkey(*privkey, (mbedtls_ecp_group_id)curve,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg))
goto failed;
plen = 2 * mbedtls_mpi_size(&(*privkey)->MBEDTLS_PRIVATE(grp).P) + 1;
*pubkey_oct = LIBSSH2_ALLOC(session, plen);
if(!*pubkey_oct)
goto failed;
if(mbedtls_ecp_point_write_binary(&(*privkey)->MBEDTLS_PRIVATE(grp),
&(*privkey)->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED,
pubkey_oct_len, *pubkey_oct, plen) == 0)
return 0;
failed:
_libssh2_mbedtls_ecdsa_free(*privkey);
_libssh2_mbedtls_safe_free(*pubkey_oct, plen);
*privkey = NULL;
return -1;
}
int
_libssh2_mbedtls_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx **ctx,
const unsigned char *k,
size_t k_len,
libssh2_curve_type curve)
{
*ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
if(!*ctx)
goto failed;
mbedtls_ecdsa_init(*ctx);
if(mbedtls_ecp_group_load(&(*ctx)->MBEDTLS_PRIVATE(grp),
(mbedtls_ecp_group_id)curve))
goto failed;
if(mbedtls_ecp_point_read_binary(&(*ctx)->MBEDTLS_PRIVATE(grp),
&(*ctx)->MBEDTLS_PRIVATE(Q),
k, k_len))
goto failed;
if(mbedtls_ecp_check_pubkey(&(*ctx)->MBEDTLS_PRIVATE(grp),
&(*ctx)->MBEDTLS_PRIVATE(Q)) == 0)
return 0;
failed:
_libssh2_mbedtls_ecdsa_free(*ctx);
*ctx = NULL;
return -1;
}
int
_libssh2_mbedtls_ecdh_gen_k(_libssh2_bn **k,
_libssh2_ec_key *privkey,
const unsigned char *server_pubkey,
size_t server_pubkey_len)
{
mbedtls_ecp_point pubkey;
int rc = 0;
if(!*k)
return -1;
mbedtls_ecp_point_init(&pubkey);
if(mbedtls_ecp_point_read_binary(&privkey->MBEDTLS_PRIVATE(grp),
&pubkey,
server_pubkey, server_pubkey_len)) {
rc = -1;
goto cleanup;
}
if(mbedtls_ecdh_compute_shared(&privkey->MBEDTLS_PRIVATE(grp), *k,
&pubkey,
&privkey->MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg)) {
rc = -1;
goto cleanup;
}
if(mbedtls_ecp_check_privkey(&privkey->MBEDTLS_PRIVATE(grp), *k))
rc = -1;
cleanup:
mbedtls_ecp_point_free(&pubkey);
return rc;
}
#define LIBSSH2_MBEDTLS_ECDSA_VERIFY(digest_type) \
do { \
unsigned char hsh[SHA##digest_type##_DIGEST_LENGTH]; \
\
if(libssh2_sha##digest_type(m, m_len, hsh) == 0) { \
rc = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hsh, \
SHA##digest_type##_DIGEST_LENGTH, \
&ctx->MBEDTLS_PRIVATE(Q), &pr, &ps); \
} \
} while(0)
int
_libssh2_mbedtls_ecdsa_verify(libssh2_ecdsa_ctx *ctx,
const unsigned char *r, size_t r_len,
const unsigned char *s, size_t s_len,
const unsigned char *m, size_t m_len)
{
mbedtls_mpi pr, ps;
int rc = -1;
mbedtls_mpi_init(&pr);
mbedtls_mpi_init(&ps);
if(mbedtls_mpi_read_binary(&pr, r, r_len))
goto cleanup;
if(mbedtls_mpi_read_binary(&ps, s, s_len))
goto cleanup;
switch(_libssh2_ecdsa_get_curve_type(ctx)) {
case LIBSSH2_EC_CURVE_NISTP256:
LIBSSH2_MBEDTLS_ECDSA_VERIFY(256);
break;
case LIBSSH2_EC_CURVE_NISTP384:
LIBSSH2_MBEDTLS_ECDSA_VERIFY(384);
break;
case LIBSSH2_EC_CURVE_NISTP521:
LIBSSH2_MBEDTLS_ECDSA_VERIFY(512);
break;
default:
rc = -1;
}
cleanup:
mbedtls_mpi_free(&pr);
mbedtls_mpi_free(&ps);
return (rc == 0) ? 0 : -1;
}
static int
_libssh2_mbedtls_parse_eckey(libssh2_ecdsa_ctx **ctx,
mbedtls_pk_context *pkey,
LIBSSH2_SESSION *session,
const unsigned char *data,
size_t data_len,
const unsigned char *pwd)
{
size_t pwd_len;
pwd_len = pwd ? strlen((const char *) pwd) : 0;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
if(mbedtls_pk_parse_key(pkey, data, data_len, pwd, pwd_len,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg))
goto failed;
#else
if(mbedtls_pk_parse_key(pkey, data, data_len, pwd, pwd_len))
goto failed;
#endif
if(mbedtls_pk_get_type(pkey) != MBEDTLS_PK_ECKEY)
goto failed;
*ctx = LIBSSH2_ALLOC(session, sizeof(libssh2_ecdsa_ctx));
if(!*ctx)
goto failed;
mbedtls_ecdsa_init(*ctx);
if(mbedtls_ecdsa_from_keypair(*ctx, mbedtls_pk_ec(*pkey)) == 0)
return 0;
failed:
_libssh2_mbedtls_ecdsa_free(*ctx);
*ctx = NULL;
return -1;
}
static int
_libssh2_mbedtls_parse_openssh_key(libssh2_ecdsa_ctx **ctx,
LIBSSH2_SESSION *session,
const unsigned char *data,
size_t data_len,
const unsigned char *pwd)
{
libssh2_curve_type type;
unsigned char *name = NULL;
struct string_buf *decrypted = NULL;
size_t curvelen, exponentlen, pointlen;
unsigned char *curve, *exponent, *point_buf;
if(_libssh2_openssh_pem_parse_memory(session, pwd,
(const char *)data, data_len,
&decrypted))
goto failed;
if(_libssh2_get_string(decrypted, &name, NULL))
goto failed;
if(_libssh2_mbedtls_ecdsa_curve_type_from_name((const char *)name,
&type))
goto failed;
if(_libssh2_get_string(decrypted, &curve, &curvelen))
goto failed;
if(_libssh2_get_string(decrypted, &point_buf, &pointlen))
goto failed;
if(_libssh2_get_bignum_bytes(decrypted, &exponent, &exponentlen))
goto failed;
*ctx = LIBSSH2_ALLOC(session, sizeof(libssh2_ecdsa_ctx));
if(!*ctx)
goto failed;
mbedtls_ecdsa_init(*ctx);
if(mbedtls_ecp_group_load(&(*ctx)->MBEDTLS_PRIVATE(grp),
(mbedtls_ecp_group_id)type))
goto failed;
if(mbedtls_mpi_read_binary(&(*ctx)->MBEDTLS_PRIVATE(d),
exponent, exponentlen))
goto failed;
if(mbedtls_ecp_mul(&(*ctx)->MBEDTLS_PRIVATE(grp),
&(*ctx)->MBEDTLS_PRIVATE(Q),
&(*ctx)->MBEDTLS_PRIVATE(d),
&(*ctx)->MBEDTLS_PRIVATE(grp).G,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg))
goto failed;
if(mbedtls_ecp_check_privkey(&(*ctx)->MBEDTLS_PRIVATE(grp),
&(*ctx)->MBEDTLS_PRIVATE(d)) == 0)
goto cleanup;
failed:
_libssh2_mbedtls_ecdsa_free(*ctx);
*ctx = NULL;
cleanup:
if(decrypted) {
_libssh2_string_buf_free(session, decrypted);
}
return *ctx ? 0 : -1;
}
#if MBEDTLS_VERSION_NUMBER >= 0x03060000
int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
#endif
int
_libssh2_mbedtls_ecdsa_new_private(libssh2_ecdsa_ctx **ctx,
LIBSSH2_SESSION *session,
const char *filename,
const unsigned char *pwd)
{
mbedtls_pk_context pkey;
unsigned char *data = NULL;
size_t data_len = 0;
mbedtls_pk_init(&pkey);
if(mbedtls_pk_load_file(filename, &data, &data_len))
goto cleanup;
if(_libssh2_mbedtls_parse_eckey(ctx, &pkey, session,
data, data_len, pwd) == 0)
goto cleanup;
_libssh2_mbedtls_parse_openssh_key(ctx, session, data, data_len, pwd);
cleanup:
mbedtls_pk_free(&pkey);
_libssh2_mbedtls_safe_free(data, data_len);
return *ctx ? 0 : -1;
}
int
_libssh2_mbedtls_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx **ctx,
LIBSSH2_SESSION *session,
const char *data,
size_t data_len,
const unsigned char *pwd)
{
unsigned char *ntdata;
mbedtls_pk_context pkey;
mbedtls_pk_init(&pkey);
ntdata = LIBSSH2_ALLOC(session, data_len + 1);
if(!ntdata)
goto cleanup;
memcpy(ntdata, data, data_len);
if(_libssh2_mbedtls_parse_eckey(ctx, &pkey, session,
ntdata, data_len + 1, pwd) == 0)
goto cleanup;
_libssh2_mbedtls_parse_openssh_key(ctx, session,
ntdata, data_len + 1, pwd);
cleanup:
mbedtls_pk_free(&pkey);
_libssh2_mbedtls_safe_free(ntdata, data_len);
return *ctx ? 0 : -1;
}
static unsigned char *
_libssh2_mbedtls_mpi_write_binary(unsigned char *buf,
const mbedtls_mpi *mpi,
size_t bytes)
{
unsigned char *p = buf;
uint32_t size = (uint32_t)bytes;
if(sizeof(&p) / sizeof(p[0]) < 4) {
goto done;
}
p += 4;
*p = 0;
if(size > 0) {
mbedtls_mpi_write_binary(mpi, p + 1, size - 1);
}
if(size > 0 && !(*(p + 1) & 0x80)) {
memmove(p, p + 1, --size);
}
_libssh2_htonu32(p - 4, size);
done:
return p + size;
}
int
_libssh2_mbedtls_ecdsa_sign(LIBSSH2_SESSION *session,
libssh2_ecdsa_ctx *ctx,
const unsigned char *hash,
size_t hash_len,
unsigned char **sign,
size_t *sign_len)
{
size_t r_len, s_len, tmp_sign_len = 0;
unsigned char *sp, *tmp_sign = NULL;
mbedtls_mpi pr, ps;
mbedtls_mpi_init(&pr);
mbedtls_mpi_init(&ps);
if(mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &pr, &ps,
&ctx->MBEDTLS_PRIVATE(d),
hash, hash_len,
mbedtls_ctr_drbg_random,
&_libssh2_mbedtls_ctr_drbg))
goto cleanup;
r_len = mbedtls_mpi_size(&pr) + 1;
s_len = mbedtls_mpi_size(&ps) + 1;
tmp_sign_len = r_len + s_len + 8;
tmp_sign = LIBSSH2_CALLOC(session, tmp_sign_len);
if(!tmp_sign)
goto cleanup;
sp = tmp_sign;
sp = _libssh2_mbedtls_mpi_write_binary(sp, &pr, r_len);
sp = _libssh2_mbedtls_mpi_write_binary(sp, &ps, s_len);
*sign_len = (size_t)(sp - tmp_sign);
*sign = LIBSSH2_CALLOC(session, *sign_len);
if(!*sign)
goto cleanup;
memcpy(*sign, tmp_sign, *sign_len);
cleanup:
mbedtls_mpi_free(&pr);
mbedtls_mpi_free(&ps);
_libssh2_mbedtls_safe_free(tmp_sign, tmp_sign_len);
return *sign ? 0 : -1;
}
libssh2_curve_type
_libssh2_mbedtls_ecdsa_get_curve_type(libssh2_ecdsa_ctx *ctx)
{
return (libssh2_curve_type) ctx->MBEDTLS_PRIVATE(grp).id;
}
int
_libssh2_mbedtls_ecdsa_curve_type_from_name(const char *name,
libssh2_curve_type *out_type)
{
int ret = 0;
libssh2_curve_type type;
if(!name || strlen(name) != 19)
return -1;
if(strcmp(name, "ecdsa-sha2-nistp256") == 0)
type = LIBSSH2_EC_CURVE_NISTP256;
else if(strcmp(name, "ecdsa-sha2-nistp384") == 0)
type = LIBSSH2_EC_CURVE_NISTP384;
else if(strcmp(name, "ecdsa-sha2-nistp521") == 0)
type = LIBSSH2_EC_CURVE_NISTP521;
else {
ret = -1;
}
if(ret == 0 && out_type) {
*out_type = type;
}
return ret;
}
void
_libssh2_mbedtls_ecdsa_free(libssh2_ecdsa_ctx *ctx)
{
mbedtls_ecdsa_free(ctx);
mbedtls_free(ctx);
}
#endif
const char *
_libssh2_supported_key_sign_algorithms(LIBSSH2_SESSION *session,
unsigned char *key_method,
size_t key_method_len)
{
(void)session;
#if LIBSSH2_RSA_SHA2
if(key_method_len == 7 &&
memcmp(key_method, "ssh-rsa", key_method_len) == 0) {
return "rsa-sha2-512,rsa-sha2-256"
#if LIBSSH2_RSA_SHA1
",ssh-rsa"
#endif
;
}
#endif
return NULL;
}
#endif