libssh
crypto.h
1 /*
2  * This file is part of the SSH Library
3  *
4  * Copyright (c) 2003-2009 by Aris Adamantiadis
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 /*
22  * crypto.h is an include file for internal cryptographic structures of libssh
23  */
24 
25 #ifndef _CRYPTO_H_
26 #define _CRYPTO_H_
27 
28 #include "config.h"
29 
30 #ifdef HAVE_LIBGCRYPT
31 #include <gcrypt.h>
32 #endif
33 #include "libssh/wrapper.h"
34 
35 #ifdef cbc_encrypt
36 #undef cbc_encrypt
37 #endif
38 #ifdef cbc_decrypt
39 #undef cbc_decrypt
40 #endif
41 
42 #ifdef HAVE_OPENSSL_ECDH_H
43 #include <openssl/ecdh.h>
44 #endif
45 #include "libssh/ecdh.h"
46 #include "libssh/kex.h"
47 #include "libssh/curve25519.h"
48 
49 #define DIGEST_MAX_LEN 64
50 
51 enum ssh_key_exchange_e {
52  /* diffie-hellman-group1-sha1 */
53  SSH_KEX_DH_GROUP1_SHA1=1,
54  /* diffie-hellman-group14-sha1 */
55  SSH_KEX_DH_GROUP14_SHA1,
56  /* ecdh-sha2-nistp256 */
57  SSH_KEX_ECDH_SHA2_NISTP256,
58  /* ecdh-sha2-nistp384 */
59  SSH_KEX_ECDH_SHA2_NISTP384,
60  /* ecdh-sha2-nistp521 */
61  SSH_KEX_ECDH_SHA2_NISTP521,
62  /* curve25519-sha256@libssh.org */
63  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
64  /* curve25519-sha256 */
65  SSH_KEX_CURVE25519_SHA256
66 };
67 
68 enum ssh_cipher_e {
69  SSH_NO_CIPHER=0,
70  SSH_BLOWFISH_CBC,
71  SSH_3DES_CBC,
72  SSH_AES128_CBC,
73  SSH_AES192_CBC,
74  SSH_AES256_CBC,
75  SSH_AES128_CTR,
76  SSH_AES192_CTR,
77  SSH_AES256_CTR
78 };
79 
80 struct ssh_crypto_struct {
81  bignum e,f,x,k,y;
82 #ifdef HAVE_ECDH
83 #ifdef HAVE_OPENSSL_ECC
84  EC_KEY *ecdh_privkey;
85 #elif defined HAVE_GCRYPT_ECC
86  gcry_sexp_t ecdh_privkey;
87 #elif defined HAVE_LIBMBEDCRYPTO
88  mbedtls_ecp_keypair *ecdh_privkey;
89 #endif
90  ssh_string ecdh_client_pubkey;
91  ssh_string ecdh_server_pubkey;
92 #endif
93 #ifdef HAVE_CURVE25519
94  ssh_curve25519_privkey curve25519_privkey;
95  ssh_curve25519_pubkey curve25519_client_pubkey;
96  ssh_curve25519_pubkey curve25519_server_pubkey;
97 #endif
98  ssh_string dh_server_signature; /* information used by dh_handshake. */
99  size_t digest_len; /* len of all the fields below */
100  unsigned char *session_id;
101  unsigned char *secret_hash; /* Secret hash is same as session id until re-kex */
102  unsigned char *encryptIV;
103  unsigned char *decryptIV;
104  unsigned char *decryptkey;
105  unsigned char *encryptkey;
106  unsigned char *encryptMAC;
107  unsigned char *decryptMAC;
108  unsigned char hmacbuf[DIGEST_MAX_LEN];
109  struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
110  enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
111 
112  ssh_key server_pubkey;
113  int do_compress_out; /* idem */
114  int do_compress_in; /* don't set them, set the option instead */
115  int delayed_compress_in; /* Use of zlib@openssh.org */
116  int delayed_compress_out;
117  void *compress_out_ctx; /* don't touch it */
118  void *compress_in_ctx; /* really, don't */
119  /* kex sent by server, client, and mutually elected methods */
120  struct ssh_kex_struct server_kex;
121  struct ssh_kex_struct client_kex;
122  char *kex_methods[SSH_KEX_METHODS];
123  enum ssh_key_exchange_e kex_type;
124  enum ssh_mac_e mac_type; /* Mac operations to use for key gen */
125 };
126 
127 struct ssh_cipher_struct {
128  const char *name; /* ssh name of the algorithm */
129  unsigned int blocksize; /* blocksize of the algo */
130  enum ssh_cipher_e ciphertype;
131  uint32_t lenfield_blocksize; /* blocksize of the packet length field */
132  size_t keylen; /* length of the key structure */
133 #ifdef HAVE_LIBGCRYPT
134  gcry_cipher_hd_t *key;
135 #elif defined HAVE_LIBCRYPTO
136  struct ssh_3des_key_schedule *des3_key;
137  struct ssh_aes_key_schedule *aes_key;
138  const EVP_CIPHER *cipher;
139  EVP_CIPHER_CTX *ctx;
140 #elif defined HAVE_LIBMBEDCRYPTO
141  mbedtls_cipher_context_t encrypt_ctx;
142  mbedtls_cipher_context_t decrypt_ctx;
143  mbedtls_cipher_type_t type;
144 #endif
145  struct chacha20_poly1305_keysched *chacha20_schedule;
146  unsigned int keysize; /* bytes of key used. != keylen */
147  size_t tag_size; /* overhead required for tag */
148  /* sets the new key for immediate use */
149  int (*set_encrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
150  int (*set_decrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
151  void (*encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
152  unsigned long len);
153  void (*decrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
154  unsigned long len);
155  void (*aead_encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
156  size_t len, uint8_t *mac, uint64_t seq);
157  int (*aead_decrypt_length)(struct ssh_cipher_struct *cipher, void *in,
158  uint8_t *out, size_t len, uint64_t seq);
159  int (*aead_decrypt)(struct ssh_cipher_struct *cipher, void *complete_packet, uint8_t *out,
160  size_t encrypted_size, uint64_t seq);
161  void (*cleanup)(struct ssh_cipher_struct *cipher);
162 };
163 
164 const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
165 
166 #endif /* _CRYPTO_H_ */