41
#ifdef LIBSSH2_CRYPTO_C
43
int _libssh2_hmac_ctx_init(libssh2_hmac_ctx *ctx)
50
int _libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx,
51
void *key, size_t keylen)
54
err = gcry_md_open(ctx, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
55
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
57
err = gcry_md_setkey(*ctx, key, keylen);
58
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
64
#if LIBSSH2_HMAC_RIPEMD
65
int _libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx,
66
void *key, size_t keylen)
69
err = gcry_md_open(ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC);
70
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
72
err = gcry_md_setkey(*ctx, key, keylen);
73
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
79
int _libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx,
80
void *key, size_t keylen)
83
err = gcry_md_open(ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
84
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
86
err = gcry_md_setkey(*ctx, key, keylen);
87
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
92
int _libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx,
93
void *key, size_t keylen)
96
err = gcry_md_open(ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
97
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
99
err = gcry_md_setkey(*ctx, key, keylen);
100
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
105
int _libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx,
106
void *key, size_t keylen)
109
err = gcry_md_open(ctx, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
110
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
112
err = gcry_md_setkey(*ctx, key, keylen);
113
if(gcry_err_code(err) != GPG_ERR_NO_ERROR)
118
int _libssh2_hmac_update(libssh2_hmac_ctx *ctx,
119
const void *data, size_t datalen)
121
gcry_md_write(*ctx, data, datalen);
125
int _libssh2_hmac_final(libssh2_hmac_ctx *ctx, void *data)
127
unsigned char *res = gcry_md_read(*ctx, 0);
132
memcpy(data, res, gcry_md_get_algo_dlen(gcry_md_get_algo(*ctx)));
137
void _libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx)
144
_libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
145
const unsigned char *edata,
147
const unsigned char *ndata,
149
const unsigned char *ddata,
151
const unsigned char *pdata,
153
const unsigned char *qdata,
155
const unsigned char *e1data,
157
const unsigned char *e2data,
159
const unsigned char *coeffdata, unsigned long coefflen)
169
rc = gcry_sexp_build(rsa, NULL,
170
"(private-key(rsa(n%b)(e%b)(d%b)(q%b)(p%b)(u%b)))",
171
nlen, ndata, elen, edata, dlen, ddata, plen, pdata,
172
qlen, qdata, coefflen, coeffdata);
175
rc = gcry_sexp_build(rsa, NULL, "(public-key(rsa(n%b)(e%b)))",
176
nlen, ndata, elen, edata);
188
_libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa,
189
const unsigned char *sig,
191
const unsigned char *m, size_t m_len)
193
unsigned char hash[SHA_DIGEST_LENGTH];
194
gcry_sexp_t s_sig, s_hash;
197
if(libssh2_sha1(m, m_len, hash)) {
201
rc = gcry_sexp_build(&s_hash, NULL,
202
"(data (flags pkcs1) (hash sha1 %b))",
203
SHA_DIGEST_LENGTH, hash);
208
rc = gcry_sexp_build(&s_sig, NULL, "(sig-val(rsa(s %b)))", sig_len, sig);
210
gcry_sexp_release(s_hash);
214
rc = gcry_pk_verify(s_sig, s_hash, rsa);
215
gcry_sexp_release(s_sig);
216
gcry_sexp_release(s_hash);
218
return (rc == 0) ? 0 : -1;
225
_libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
226
const unsigned char *p,
228
const unsigned char *q,
230
const unsigned char *g,
232
const unsigned char *y,
234
const unsigned char *x, unsigned long x_len)
239
rc = gcry_sexp_build(dsactx, NULL,
240
"(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))",
241
p_len, p, q_len, q, g_len, g, y_len, y, x_len, x);
244
rc = gcry_sexp_build(dsactx, NULL,
245
"(public-key(dsa(p%b)(q%b)(g%b)(y%b)))",
246
p_len, p, q_len, q, g_len, g, y_len, y);
260
_libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
261
LIBSSH2_SESSION * session,
262
const char *filedata, size_t filedata_len,
263
unsigned const char *passphrase)
270
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
271
"Unable to extract private key from memory: "
272
"Method unimplemented in libgcrypt backend");
276
_libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
277
LIBSSH2_SESSION * session,
278
const char *filename, unsigned const char *passphrase)
281
unsigned char *data, *save_data;
284
unsigned char *n, *e, *d, *p, *q, *e1, *e2, *coeff;
285
unsigned int nlen, elen, dlen, plen, qlen, e1len, e2len, coefflen;
287
fp = fopen(filename, FOPEN_READTEXT);
292
ret = _libssh2_pem_parse(session,
293
"-----BEGIN RSA PRIVATE KEY-----",
294
"-----END RSA PRIVATE KEY-----",
296
fp, &data, &datalen);
304
if(_libssh2_pem_decode_sequence(&data, &datalen)) {
310
ret = _libssh2_pem_decode_integer(&data, &datalen, &n, &nlen);
311
if(ret || (nlen != 1 && *n != '\0')) {
316
ret = _libssh2_pem_decode_integer(&data, &datalen, &n, &nlen);
322
ret = _libssh2_pem_decode_integer(&data, &datalen, &e, &elen);
328
ret = _libssh2_pem_decode_integer(&data, &datalen, &d, &dlen);
334
ret = _libssh2_pem_decode_integer(&data, &datalen, &p, &plen);
340
ret = _libssh2_pem_decode_integer(&data, &datalen, &q, &qlen);
346
ret = _libssh2_pem_decode_integer(&data, &datalen, &e1, &e1len);
352
ret = _libssh2_pem_decode_integer(&data, &datalen, &e2, &e2len);
358
ret = _libssh2_pem_decode_integer(&data, &datalen, &coeff, &coefflen);
364
if(_libssh2_rsa_new(rsa, e, elen, n, nlen, d, dlen, p, plen,
365
q, qlen, e1, e1len, e2, e2len, coeff, coefflen)) {
373
LIBSSH2_FREE(session, save_data);
380
_libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
381
LIBSSH2_SESSION * session,
382
const char *filedata, size_t filedata_len,
383
unsigned const char *passphrase)
390
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
391
"Unable to extract private key from memory: "
392
"Method unimplemented in libgcrypt backend");
396
_libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
397
LIBSSH2_SESSION * session,
398
const char *filename, unsigned const char *passphrase)
401
unsigned char *data, *save_data;
404
unsigned char *p, *q, *g, *y, *x;
405
unsigned int plen, qlen, glen, ylen, xlen;
407
fp = fopen(filename, FOPEN_READTEXT);
412
ret = _libssh2_pem_parse(session,
413
"-----BEGIN DSA PRIVATE KEY-----",
414
"-----END DSA PRIVATE KEY-----",
416
fp, &data, &datalen);
424
if(_libssh2_pem_decode_sequence(&data, &datalen)) {
430
ret = _libssh2_pem_decode_integer(&data, &datalen, &p, &plen);
431
if(ret || (plen != 1 && *p != '\0')) {
436
ret = _libssh2_pem_decode_integer(&data, &datalen, &p, &plen);
442
ret = _libssh2_pem_decode_integer(&data, &datalen, &q, &qlen);
448
ret = _libssh2_pem_decode_integer(&data, &datalen, &g, &glen);
454
ret = _libssh2_pem_decode_integer(&data, &datalen, &y, &ylen);
460
ret = _libssh2_pem_decode_integer(&data, &datalen, &x, &xlen);
471
if(_libssh2_dsa_new(dsa, p, plen, q, qlen, g, glen, y, ylen, x, xlen)) {
479
LIBSSH2_FREE(session, save_data);
487
_libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
488
libssh2_rsa_ctx * rsactx,
489
const unsigned char *hash,
491
unsigned char **signature, size_t *signature_len)
493
gcry_sexp_t sig_sexp;
499
if(hash_len != SHA_DIGEST_LENGTH) {
503
if(gcry_sexp_build(&data, NULL,
504
"(data (flags pkcs1) (hash sha1 %b))",
509
rc = gcry_pk_sign(&sig_sexp, data, rsactx);
511
gcry_sexp_release(data);
517
data = gcry_sexp_find_token(sig_sexp, "s", 0);
522
tmp = gcry_sexp_nth_data(data, 1, &size);
524
gcry_sexp_release(data);
533
*signature = LIBSSH2_ALLOC(session, size);
535
gcry_sexp_release(data);
538
memcpy(*signature, tmp, size);
539
*signature_len = size;
541
gcry_sexp_release(data);
550
_libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
551
const unsigned char *hash,
552
size_t hash_len, unsigned char *sig)
554
unsigned char zhash[SHA_DIGEST_LENGTH + 1];
555
gcry_sexp_t sig_sexp;
561
if(hash_len != SHA_DIGEST_LENGTH) {
565
memcpy(zhash + 1, hash, hash_len);
568
if(gcry_sexp_build(&data, NULL, "(data (value %b))",
569
(int)(hash_len + 1), zhash)) {
573
ret = gcry_pk_sign(&sig_sexp, data, dsactx);
575
gcry_sexp_release(data);
585
data = gcry_sexp_find_token(sig_sexp, "r", 0);
589
tmp = gcry_sexp_nth_data(data, 1, &size);
598
if(size < 1 || size > 20)
601
memcpy(sig + (20 - size), tmp, size);
603
gcry_sexp_release(data);
607
data = gcry_sexp_find_token(sig_sexp, "s", 0);
611
tmp = gcry_sexp_nth_data(data, 1, &size);
620
if(size < 1 || size > 20)
623
memcpy(sig + 20 + (20 - size), tmp, size);
631
gcry_sexp_release(sig_sexp);
634
gcry_sexp_release(data);
640
_libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
641
const unsigned char *sig,
642
const unsigned char *m, size_t m_len)
644
unsigned char hash[SHA_DIGEST_LENGTH + 1];
645
gcry_sexp_t s_sig, s_hash;
648
if(libssh2_sha1(m, m_len, hash + 1)) {
653
if(gcry_sexp_build(&s_hash, NULL, "(data(flags raw)(value %b))",
654
SHA_DIGEST_LENGTH + 1, hash)) {
658
if(gcry_sexp_build(&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))",
659
20, sig, 20, sig + 20)) {
660
gcry_sexp_release(s_hash);
664
rc = gcry_pk_verify(s_sig, s_hash, dsactx);
665
gcry_sexp_release(s_sig);
666
gcry_sexp_release(s_hash);
668
return (rc == 0) ? 0 : -1;
673
_libssh2_cipher_init(_libssh2_cipher_ctx * h,
674
_libssh2_cipher_type(algo),
675
unsigned char *iv, unsigned char *secret, int encrypt)
678
int cipher = _libssh2_gcry_cipher(algo);
679
int mode = _libssh2_gcry_mode(algo);
680
size_t keylen = gcry_cipher_get_algo_keylen(cipher);
684
ret = gcry_cipher_open(h, cipher, mode, 0);
689
ret = gcry_cipher_setkey(*h, secret, keylen);
691
gcry_cipher_close(*h);
695
if(mode != GCRY_CIPHER_MODE_STREAM) {
696
size_t blklen = gcry_cipher_get_algo_blklen(cipher);
697
if(mode == GCRY_CIPHER_MODE_CTR)
698
ret = gcry_cipher_setctr(*h, iv, blklen);
700
ret = gcry_cipher_setiv(*h, iv, blklen);
702
gcry_cipher_close(*h);
711
_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
712
_libssh2_cipher_type(algo),
713
int encrypt, unsigned char *block, size_t blklen,
722
ret = gcry_cipher_encrypt(*ctx, block, blklen, block, blklen);
725
ret = gcry_cipher_decrypt(*ctx, block, blklen, block, blklen);
731
_libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
732
unsigned char **method,
734
unsigned char **pubkeydata,
735
size_t *pubkeydata_len,
736
const char *privatekeydata,
737
size_t privatekeydata_len,
738
const char *passphrase)
743
(void)pubkeydata_len;
744
(void)privatekeydata;
745
(void)privatekeydata_len;
748
return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
749
"Unable to extract public key from private "
751
"Method unimplemented in libgcrypt backend");
755
_libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
756
unsigned char **method,
758
unsigned char **pubkeydata,
759
size_t *pubkeydata_len,
760
const char *privatekey,
761
const char *passphrase)
766
(void)pubkeydata_len;
770
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
771
"Unable to extract public key from private key file: "
772
"Method unimplemented in libgcrypt backend");
776
_libssh2_sk_pub_keyfilememory(LIBSSH2_SESSION *session,
777
unsigned char **method,
779
unsigned char **pubkeydata,
780
size_t *pubkeydata_len,
782
unsigned char *flags,
783
const char **application,
784
const unsigned char **key_handle,
786
const char *privatekeydata,
787
size_t privatekeydata_len,
788
const char *passphrase)
793
(void)pubkeydata_len;
799
(void)privatekeydata;
800
(void)privatekeydata_len;
803
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
804
"Unable to extract public SK key from private key file: "
805
"Method unimplemented in libgcrypt backend");
808
void _libssh2_init_aes_ctr(void)
814
_libssh2_dh_init(_libssh2_dh_ctx *dhctx)
816
*dhctx = gcry_mpi_new(0);
820
_libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
821
_libssh2_bn *g, _libssh2_bn *p, int group_order)
824
gcry_mpi_randomize(*dhctx, group_order * 8 - 1, GCRY_WEAK_RANDOM);
825
gcry_mpi_powm(public, g, *dhctx, p);
830
_libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
831
_libssh2_bn *f, _libssh2_bn *p)
834
gcry_mpi_powm(secret, f, *dhctx, p);
839
_libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
841
gcry_mpi_release(*dhctx);
852
_libssh2_supported_key_sign_algorithms(LIBSSH2_SESSION *session,
853
unsigned char *key_method,
854
size_t key_method_len)
858
(void)key_method_len;