summaryrefslogtreecommitdiffstats
path: root/include/libssh
diff options
context:
space:
mode:
Diffstat (limited to 'include/libssh')
-rw-r--r--include/libssh/crypto.h35
-rw-r--r--include/libssh/dh.h3
-rw-r--r--include/libssh/ecdh.h39
-rw-r--r--include/libssh/libcrypto.h5
-rw-r--r--include/libssh/libgcrypt.h7
-rw-r--r--include/libssh/session.h2
-rw-r--r--include/libssh/ssh2.h4
-rw-r--r--include/libssh/wrapper.h24
8 files changed, 104 insertions, 15 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 1c543f5..d5b95b9 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -40,18 +40,31 @@
#undef cbc_decrypt
#endif
-struct ssh_crypto_struct {
- bignum e,f,x,k,y;
- unsigned char session_id[SHA_DIGEST_LEN];
-
- unsigned char encryptIV[SHA_DIGEST_LEN*2];
- unsigned char decryptIV[SHA_DIGEST_LEN*2];
+#ifdef HAVE_OPENSSL_ECDH_H
+#include <openssl/ecdh.h>
+#endif
- unsigned char decryptkey[SHA_DIGEST_LEN*2];
- unsigned char encryptkey[SHA_DIGEST_LEN*2];
+enum ssh_key_exchange_e {
+ /* diffie-hellman-group1-sha1 */
+ SSH_KEX_DH_GROUP1_SHA1=1,
+ /* ecdh-sha2-nistp256 */
+ SSH_KEX_ECDH_SHA2_NISTP256
+};
- unsigned char encryptMAC[SHA_DIGEST_LEN];
- unsigned char decryptMAC[SHA_DIGEST_LEN];
+struct ssh_crypto_struct {
+ bignum e,f,x,k,y;
+ EC_KEY *ecdh_privkey;
+ ssh_string ecdh_client_pubkey;
+ ssh_string ecdh_server_pubkey;
+ ssh_string dh_server_signature; /* information used by dh_handshake. */
+ size_t digest_len; /* len of all the fields below */
+ unsigned char *session_id;
+ unsigned char *encryptIV;
+ unsigned char *decryptIV;
+ unsigned char *decryptkey;
+ unsigned char *encryptkey;
+ unsigned char *encryptMAC;
+ unsigned char *decryptMAC;
unsigned char hmacbuf[EVP_MAX_MD_SIZE];
struct crypto_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
ssh_string server_pubkey;
@@ -62,6 +75,8 @@ struct ssh_crypto_struct {
int delayed_compress_out;
void *compress_out_ctx; /* don't touch it */
void *compress_in_ctx; /* really, don't */
+ enum ssh_key_exchange_e kex_type;
+ enum ssh_mac_e mac_type; /* Mac operations to use for key gen */
};
struct crypto_struct {
diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index ece7c01..d4cd0c2 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -41,6 +41,9 @@ int dh_import_f(ssh_session session,ssh_string f_string);
int dh_import_e(ssh_session session, ssh_string e_string);
void dh_import_pubkey(ssh_session session,ssh_string pubkey_string);
int dh_build_k(ssh_session session);
+int ssh_client_dh_init(ssh_session session);
+int ssh_client_dh_reply(ssh_session session, ssh_buffer packet);
+
int make_sessionid(ssh_session session);
/* add data for the final cookie */
int hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
diff --git a/include/libssh/ecdh.h b/include/libssh/ecdh.h
new file mode 100644
index 0000000..5cc208c
--- /dev/null
+++ b/include/libssh/ecdh.h
@@ -0,0 +1,39 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2011 by Aris Adamantiadis
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#ifndef ECDH_H_
+#define ECDH_H_
+
+#include "config.h"
+
+#ifdef HAVE_LIBCRYPTO
+#ifdef HAVE_OPENSSL_ECDH_H
+
+#define HAVE_ECDH
+
+#endif /* HAVE_OPENSSL_ECDH_H */
+#endif /* HAVE_LIBCRYPTO */
+
+int ssh_client_ecdh_init(ssh_session session);
+int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet);
+
+
+#endif /* ECDH_H_ */
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 12dd222..f198660 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -32,6 +32,7 @@
#include <openssl/md5.h>
#include <openssl/hmac.h>
typedef SHA_CTX* SHACTX;
+typedef SHA256_CTX* SHA256CTX;
typedef MD5_CTX* MD5CTX;
typedef HMAC_CTX* HMACCTX;
@@ -67,6 +68,10 @@ typedef BN_CTX* bignum_CTX;
#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)
#define bignum_cmp(num1,num2) BN_cmp(num1,num2)
+SHA256CTX sha256_init(void);
+void sha256_update(SHA256CTX c, const void *data, unsigned long len);
+void sha256_final(unsigned char *md, SHA256CTX c);
+
struct crypto_struct *ssh_get_ciphertab(void);
#endif /* HAVE_LIBCRYPTO */
diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
index 0b1b16d..3afbcb4 100644
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -30,8 +30,13 @@
typedef gcry_md_hd_t SHACTX;
typedef gcry_md_hd_t MD5CTX;
typedef gcry_md_hd_t HMACCTX;
-#define SHA_DIGEST_LEN 20
+#define SHA_DIGEST_LENGTH 20
+#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
#define MD5_DIGEST_LEN 16
+#define SHA256_DIGEST_LENGTH 32
+#define SHA384_DIGEST_LENGTH 48
+#define SHA512_DIGEST_LENGTH 64
+
#define EVP_MAX_MD_SIZE 36
typedef gcry_mpi_t bignum;
diff --git a/include/libssh/session.h b/include/libssh/session.h
index a31e6bf..2d4b05b 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -103,7 +103,7 @@ struct ssh_session_struct {
enum ssh_auth_service_state_e auth_service_state;
enum ssh_auth_state_e auth_state;
enum ssh_channel_request_state_e global_req_state;
- ssh_string dh_server_signature; /* information used by dh_handshake. */
+
KEX server_kex;
KEX client_kex;
ssh_buffer in_hashbuf;
diff --git a/include/libssh/ssh2.h b/include/libssh/ssh2.h
index bd89f4e..f66dd2a 100644
--- a/include/libssh/ssh2.h
+++ b/include/libssh/ssh2.h
@@ -13,6 +13,10 @@
#define SSH2_MSG_KEXDH_INIT 30
#define SSH2_MSG_KEXDH_REPLY 31
+#define SSH2_MSG_KEX_ECDH_INIT 30
+#define SSH2_MSG_KEX_ECDH_REPLY 31
+#define SSH2_MSG_ECMQV_INIT 30
+#define SSH2_MSG_ECMQV_REPLY 31
#define SSH2_MSG_KEX_DH_GEX_REQUEST_OLD 30
#define SSH2_MSG_KEX_DH_GEX_GROUP 31
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 8c03497..7fe6f8a 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -25,7 +25,21 @@
#include "config.h"
#include "libssh/libcrypto.h"
#include "libssh/libgcrypt.h"
+#include "libssh/crypto.h"
+enum ssh_mac_e {
+ SSH_MAC_SHA1=1,
+ SSH_MAC_SHA256,
+ SSH_MAC_SHA384,
+ SSH_MAC_SHA512
+};
+
+enum ssh_hmac_e {
+ SSH_HMAC_SHA1 = 1,
+ SSH_HMAC_MD5
+};
+
+typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
MD5CTX md5_init(void);
void md5_update(MD5CTX c, const void *data, unsigned long len);
void md5_final(unsigned char *md,MD5CTX c);
@@ -33,9 +47,13 @@ SHACTX sha1_init(void);
void sha1_update(SHACTX c, const void *data, unsigned long len);
void sha1_final(unsigned char *md,SHACTX c);
void sha1(unsigned char *digest,int len,unsigned char *hash);
-#define HMAC_SHA1 1
-#define HMAC_MD5 2
-HMACCTX hmac_init(const void *key,int len,int type);
+void sha256(unsigned char *digest, int len, unsigned char *hash);
+
+ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type);
+void ssh_mac_update(ssh_mac_ctx ctx, const void *data, unsigned long len);
+void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx);
+
+HMACCTX hmac_init(const void *key,int len, enum ssh_hmac_e type);
void hmac_update(HMACCTX c, const void *data, unsigned long len);
void hmac_final(HMACCTX ctx,unsigned char *hashmacbuf,unsigned int *len);
generated by cgit (git 2.34.1) at 2025-09-22 20:31:37 +0000