1
/* Copyright (C) Art <https://github.com/wildart>
4
* Redistribution and use in source and binary forms,
5
* with or without modification, are permitted provided
6
* that the following conditions are met:
8
* Redistributions of source code must retain the above
9
* copyright notice, this list of conditions and the
10
* following disclaimer.
12
* Redistributions in binary form must reproduce the above
13
* copyright notice, this list of conditions and the following
14
* disclaimer in the documentation and/or other materials
15
* provided with the distribution.
17
* Neither the name of the copyright holder nor the names
18
* of any other contributors may be used to endorse or
19
* promote products derived from this software without
20
* specific prior written permission.
22
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
23
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
24
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
27
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
29
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
30
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
32
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
34
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
37
* SPDX-License-Identifier: BSD-3-Clause
40
#ifdef LIBSSH2_CRYPTO_C /* Compile this via crypto.c */
44
#if MBEDTLS_VERSION_NUMBER < 0x03000000
45
#define mbedtls_cipher_info_get_key_bitlen(c) (c->key_bitlen)
46
#define mbedtls_cipher_info_get_iv_size(c) (c->iv_size)
47
#define mbedtls_rsa_get_len(rsa) (rsa->len)
49
#define MBEDTLS_PRIVATE(m) m
52
/*******************************************************************/
54
* mbedTLS backend: Global context handles
57
static mbedtls_entropy_context _libssh2_mbedtls_entropy;
58
static mbedtls_ctr_drbg_context _libssh2_mbedtls_ctr_drbg;
60
/*******************************************************************/
62
* mbedTLS backend: Generic functions
66
_libssh2_mbedtls_init(void)
70
mbedtls_entropy_init(&_libssh2_mbedtls_entropy);
71
mbedtls_ctr_drbg_init(&_libssh2_mbedtls_ctr_drbg);
73
ret = mbedtls_ctr_drbg_seed(&_libssh2_mbedtls_ctr_drbg,
75
&_libssh2_mbedtls_entropy, NULL, 0);
77
mbedtls_ctr_drbg_free(&_libssh2_mbedtls_ctr_drbg);
81
_libssh2_mbedtls_free(void)
83
mbedtls_ctr_drbg_free(&_libssh2_mbedtls_ctr_drbg);
84
mbedtls_entropy_free(&_libssh2_mbedtls_entropy);
88
_libssh2_mbedtls_random(unsigned char *buf, size_t len)
91
ret = mbedtls_ctr_drbg_random(&_libssh2_mbedtls_ctr_drbg, buf, len);
92
return ret == 0 ? 0 : -1;
96
_libssh2_mbedtls_safe_free(void *buf, size_t len)
102
_libssh2_explicit_zero(buf, len);
108
_libssh2_mbedtls_cipher_init(_libssh2_cipher_ctx *ctx,
109
_libssh2_cipher_type(algo),
111
unsigned char *secret,
114
const mbedtls_cipher_info_t *cipher_info;
120
op = encrypt == 0 ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
122
cipher_info = mbedtls_cipher_info_from_type(algo);
126
mbedtls_cipher_init(ctx);
127
ret = mbedtls_cipher_setup(ctx, cipher_info);
129
ret = mbedtls_cipher_setkey(ctx,
131
(int)mbedtls_cipher_info_get_key_bitlen(cipher_info),
135
ret = mbedtls_cipher_set_iv(ctx, iv,
136
mbedtls_cipher_info_get_iv_size(cipher_info));
138
return ret == 0 ? 0 : -1;
142
_libssh2_mbedtls_cipher_crypt(_libssh2_cipher_ctx *ctx,
143
_libssh2_cipher_type(algo),
145
unsigned char *block,
146
size_t blocklen, int firstlast)
149
unsigned char *output;
150
size_t osize, olen, finish_olen;
156
osize = blocklen + mbedtls_cipher_get_block_size(ctx);
158
output = (unsigned char *)mbedtls_calloc(osize, sizeof(char));
160
ret = mbedtls_cipher_reset(ctx);
163
ret = mbedtls_cipher_update(ctx, block, blocklen, output, &olen);
166
ret = mbedtls_cipher_finish(ctx, output + olen, &finish_olen);
170
memcpy(block, output, olen);
173
_libssh2_mbedtls_safe_free(output, osize);
178
return ret == 0 ? 0 : -1;
182
_libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx)
184
mbedtls_cipher_free(ctx);
189
_libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
190
mbedtls_md_type_t mdtype,
191
const unsigned char *key, size_t keylen)
193
const mbedtls_md_info_t *md_info;
196
md_info = mbedtls_md_info_from_type(mdtype);
202
mbedtls_md_init(ctx);
203
ret = mbedtls_md_setup(ctx, md_info, hmac);
206
ret = mbedtls_md_hmac_starts(ctx, key, keylen);
208
ret = mbedtls_md_starts(ctx);
211
return ret == 0 ? 1 : 0;
215
_libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash)
219
ret = mbedtls_md_finish(ctx, hash);
220
mbedtls_md_free(ctx);
222
return ret == 0 ? 1 : 0;
226
_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen,
227
mbedtls_md_type_t mdtype, unsigned char *hash)
229
const mbedtls_md_info_t *md_info;
232
md_info = mbedtls_md_info_from_type(mdtype);
236
ret = mbedtls_md(md_info, data, datalen, hash);
238
return ret == 0 ? 0 : -1;
241
int _libssh2_hmac_ctx_init(libssh2_hmac_ctx *ctx)
243
memset(ctx, 0, sizeof(*ctx));
248
int _libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx,
249
void *key, size_t keylen)
251
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_MD5, key, keylen);
255
#if LIBSSH2_HMAC_RIPEMD
256
int _libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx,
257
void *key, size_t keylen)
259
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_RIPEMD160, key, keylen);
263
int _libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx,
264
void *key, size_t keylen)
266
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_SHA1, key, keylen);
269
int _libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx,
270
void *key, size_t keylen)
272
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_SHA256, key, keylen);
275
int _libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx,
276
void *key, size_t keylen)
278
return _libssh2_mbedtls_hash_init(ctx, MBEDTLS_MD_SHA512, key, keylen);
281
int _libssh2_hmac_update(libssh2_hmac_ctx *ctx,
282
const void *data, size_t datalen)
284
int ret = mbedtls_md_hmac_update(ctx, data, datalen);
286
return ret == 0 ? 1 : 0;
289
int _libssh2_hmac_final(libssh2_hmac_ctx *ctx, void *data)
291
int ret = mbedtls_md_hmac_finish(ctx, data);
293
return ret == 0 ? 1 : 0;
296
void _libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx)
298
mbedtls_md_free(ctx);
301
/*******************************************************************/
303
* mbedTLS backend: BigNumber functions
307
_libssh2_mbedtls_bignum_init(void)
311
bignum = (_libssh2_bn *)mbedtls_calloc(1, sizeof(_libssh2_bn));
313
mbedtls_mpi_init(bignum);
320
_libssh2_mbedtls_bignum_free(_libssh2_bn *bn)
323
mbedtls_mpi_free(bn);
329
_libssh2_mbedtls_bignum_random(_libssh2_bn *bn, int bits, int top, int bottom)
338
len = (bits + 7) >> 3;
339
err = mbedtls_mpi_fill_random(bn, len, mbedtls_ctr_drbg_random,
340
&_libssh2_mbedtls_ctr_drbg);
344
/* Zero unused bits above the most significant bit */
345
for(i = len*8 - 1; (size_t)bits <= i; --i) {346
err = mbedtls_mpi_set_bit(bn, i, 0);
351
/* If `top` is -1, the most significant bit of the random number can be
352
zero. If top is 0, the most significant bit of the random number is
353
set to 1, and if top is 1, the two most significant bits of the number
354
will be set to 1, so that the product of two such random numbers will
355
always have 2*bits length.
358
for(i = 0; i <= (size_t)top; ++i) {359
err = mbedtls_mpi_set_bit(bn, bits-i-1, 1);
365
/* make odd by setting first bit in least significant byte */
367
err = mbedtls_mpi_set_bit(bn, 0, 1);
376
/*******************************************************************/
378
* mbedTLS backend: RSA functions
382
_libssh2_mbedtls_rsa_new(libssh2_rsa_ctx **rsa,
383
const unsigned char *edata,
385
const unsigned char *ndata,
387
const unsigned char *ddata,
389
const unsigned char *pdata,
391
const unsigned char *qdata,
393
const unsigned char *e1data,
395
const unsigned char *e2data,
397
const unsigned char *coeffdata,
398
unsigned long coefflen)
401
libssh2_rsa_ctx *ctx;
403
ctx = (libssh2_rsa_ctx *) mbedtls_calloc(1, sizeof(libssh2_rsa_ctx));
405
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
406
mbedtls_rsa_init(ctx);
408
mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, 0);
414
/* !checksrc! disable ASSIGNWITHINCONDITION 1 */
415
if((ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(E)),
417
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(N)),
423
ctx->MBEDTLS_PRIVATE(len) =
424
mbedtls_mpi_size(&(ctx->MBEDTLS_PRIVATE(N)));
428
/* !checksrc! disable ASSIGNWITHINCONDITION 1 */
429
if((ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(D)),
431
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(P)),
433
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(Q)),
435
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(DP)),
437
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(DQ)),
439
(ret = mbedtls_mpi_read_binary(&(ctx->MBEDTLS_PRIVATE(QP)),
440
coeffdata, coefflen))) {443
ret = mbedtls_rsa_check_privkey(ctx);
446
ret = mbedtls_rsa_check_pubkey(ctx);
450
_libssh2_mbedtls_rsa_free(ctx);
458
_libssh2_mbedtls_rsa_new_private(libssh2_rsa_ctx **rsa,
459
LIBSSH2_SESSION *session,
460
const char *filename,
461
const unsigned char *passphrase)
464
mbedtls_pk_context pkey;
465
mbedtls_rsa_context *pk_rsa;
467
*rsa = (libssh2_rsa_ctx *) LIBSSH2_ALLOC(session, sizeof(libssh2_rsa_ctx));
471
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
472
mbedtls_rsa_init(*rsa);
474
mbedtls_rsa_init(*rsa, MBEDTLS_RSA_PKCS_V15, 0);
476
mbedtls_pk_init(&pkey);
478
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
479
ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase,
480
mbedtls_ctr_drbg_random,
481
&_libssh2_mbedtls_ctr_drbg);
483
ret = mbedtls_pk_parse_keyfile(&pkey, filename, (char *)passphrase);
485
if(ret || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) {486
mbedtls_pk_free(&pkey);
487
mbedtls_rsa_free(*rsa);
488
LIBSSH2_FREE(session, *rsa);
493
pk_rsa = mbedtls_pk_rsa(pkey);
494
mbedtls_rsa_copy(*rsa, pk_rsa);
495
mbedtls_pk_free(&pkey);
501
_libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
502
LIBSSH2_SESSION *session,
503
const char *filedata,
505
unsigned const char *passphrase)
508
mbedtls_pk_context pkey;
509
mbedtls_rsa_context *pk_rsa;
510
void *filedata_nullterm;
513
*rsa = (libssh2_rsa_ctx *) mbedtls_calloc(1, sizeof(libssh2_rsa_ctx));
518
mbedtls checks in "mbedtls/pkparse.c:1184" if "key[keylen - 1] != '\0'"
519
private-key from memory will fail if the last byte is not a null byte
521
filedata_nullterm = mbedtls_calloc(filedata_len + 1, 1);
522
if(!filedata_nullterm) {525
memcpy(filedata_nullterm, filedata, filedata_len);
527
mbedtls_pk_init(&pkey);
529
pwd_len = passphrase ? strlen((const char *)passphrase) : 0;
530
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
531
ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata_nullterm,
534
mbedtls_ctr_drbg_random,
535
&_libssh2_mbedtls_ctr_drbg);
537
ret = mbedtls_pk_parse_key(&pkey, (unsigned char *)filedata_nullterm,
539
passphrase, pwd_len);
541
_libssh2_mbedtls_safe_free(filedata_nullterm, filedata_len);
543
if(ret || mbedtls_pk_get_type(&pkey) != MBEDTLS_PK_RSA) {544
mbedtls_pk_free(&pkey);
545
mbedtls_rsa_free(*rsa);
546
LIBSSH2_FREE(session, *rsa);
551
pk_rsa = mbedtls_pk_rsa(pkey);
552
mbedtls_rsa_copy(*rsa, pk_rsa);
553
mbedtls_pk_free(&pkey);
559
_libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
561
const unsigned char *sig,
563
const unsigned char *m,
570
if(sig_len < mbedtls_rsa_get_len(rsactx))
573
hash = malloc(hash_len);
577
if(hash_len == SHA_DIGEST_LENGTH) {578
md_type = MBEDTLS_MD_SHA1;
580
else if(hash_len == SHA256_DIGEST_LENGTH) {581
md_type = MBEDTLS_MD_SHA256;
583
else if(hash_len == SHA512_DIGEST_LENGTH) {584
md_type = MBEDTLS_MD_SHA512;
588
return -1; /* unsupported digest */
590
ret = _libssh2_mbedtls_hash(m, m_len, md_type, hash);
594
return -1; /* failure */
597
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
598
ret = mbedtls_rsa_pkcs1_verify(rsactx,
599
md_type, (unsigned int)hash_len,
602
ret = mbedtls_rsa_pkcs1_verify(rsactx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
603
md_type, (unsigned int)hash_len,
608
return (ret == 0) ? 0 : -1;
612
_libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
613
const unsigned char *sig,
615
const unsigned char *m,
618
return _libssh2_mbedtls_rsa_sha2_verify(rsactx, SHA_DIGEST_LENGTH,
619
sig, sig_len, m, m_len);
623
_libssh2_mbedtls_rsa_sha2_sign(LIBSSH2_SESSION *session,
624
libssh2_rsa_ctx *rsa,
625
const unsigned char *hash,
627
unsigned char **signature,
628
size_t *signature_len)
635
sig_len = mbedtls_rsa_get_len(rsa);
636
sig = LIBSSH2_ALLOC(session, sig_len);
641
if(hash_len == SHA_DIGEST_LENGTH) {642
md_type = MBEDTLS_MD_SHA1;
644
else if(hash_len == SHA256_DIGEST_LENGTH) {645
md_type = MBEDTLS_MD_SHA256;
647
else if(hash_len == SHA512_DIGEST_LENGTH) {648
md_type = MBEDTLS_MD_SHA512;
651
_libssh2_error(session, LIBSSH2_ERROR_PROTO,
652
"Unsupported hash digest length");
656
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
657
ret = mbedtls_rsa_pkcs1_sign(rsa,
658
mbedtls_ctr_drbg_random,
659
&_libssh2_mbedtls_ctr_drbg,
660
md_type, (unsigned int)hash_len,
663
ret = mbedtls_rsa_pkcs1_sign(rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE,
664
md_type, (unsigned int)hash_len,
669
LIBSSH2_FREE(session, sig);
674
*signature_len = sig_len;
676
return (ret == 0) ? 0 : -1;
680
_libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION * session,
681
libssh2_rsa_ctx * rsactx,
682
const unsigned char *hash,
684
unsigned char **signature,
685
size_t *signature_len)
687
return _libssh2_mbedtls_rsa_sha2_sign(session, rsactx, hash, hash_len,
688
signature, signature_len);
692
_libssh2_mbedtls_rsa_free(libssh2_rsa_ctx *ctx)
694
mbedtls_rsa_free(ctx);
698
static unsigned char *
699
gen_publickey_from_rsa(LIBSSH2_SESSION *session,
700
mbedtls_rsa_context *rsa,
703
uint32_t e_bytes, n_bytes;
708
e_bytes = (uint32_t)mbedtls_mpi_size(&rsa->MBEDTLS_PRIVATE(E));
709
n_bytes = (uint32_t)mbedtls_mpi_size(&rsa->MBEDTLS_PRIVATE(N));
711
/* Key form is "ssh-rsa" + e + n. */
712
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
714
key = LIBSSH2_ALLOC(session, len);
719
/* Process key encoding. */
722
_libssh2_htonu32(p, 7); /* Key type. */
724
memcpy(p, "ssh-rsa", 7);
727
_libssh2_htonu32(p, e_bytes);
729
mbedtls_mpi_write_binary(&rsa->MBEDTLS_PRIVATE(E), p, e_bytes);
731
_libssh2_htonu32(p, n_bytes);
733
mbedtls_mpi_write_binary(&rsa->MBEDTLS_PRIVATE(N), p, n_bytes);
735
*keylen = (size_t)(p - key);
740
_libssh2_mbedtls_pub_priv_key(LIBSSH2_SESSION *session,
741
unsigned char **method,
743
unsigned char **pubkeydata,
744
size_t *pubkeydata_len,
745
mbedtls_pk_context *pkey)
747
unsigned char *key = NULL, *mth = NULL;
748
size_t keylen = 0, mthlen = 0;
750
mbedtls_rsa_context *rsa;
752
if(mbedtls_pk_get_type(pkey) != MBEDTLS_PK_RSA) {753
mbedtls_pk_free(pkey);
754
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
755
"Key type not supported");
760
mth = LIBSSH2_ALLOC(session, mthlen);
762
memcpy(mth, "ssh-rsa", mthlen);
768
rsa = mbedtls_pk_rsa(*pkey);
769
key = gen_publickey_from_rsa(session, rsa, &keylen);
777
LIBSSH2_FREE(session, mth);
779
LIBSSH2_FREE(session, key);
783
*method_len = mthlen;
785
*pubkeydata_len = keylen;
792
_libssh2_mbedtls_pub_priv_keyfile(LIBSSH2_SESSION *session,
793
unsigned char **method,
795
unsigned char **pubkeydata,
796
size_t *pubkeydata_len,
797
const char *privatekey,
798
const char *passphrase)
800
mbedtls_pk_context pkey;
804
mbedtls_pk_init(&pkey);
805
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
806
ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase,
807
mbedtls_ctr_drbg_random,
808
&_libssh2_mbedtls_ctr_drbg);
810
ret = mbedtls_pk_parse_keyfile(&pkey, privatekey, passphrase);
813
mbedtls_strerror(ret, (char *)buf, sizeof(buf));
814
mbedtls_pk_free(&pkey);
815
return _libssh2_error(session, LIBSSH2_ERROR_FILE, buf);
818
ret = _libssh2_mbedtls_pub_priv_key(session, method, method_len,
819
pubkeydata, pubkeydata_len, &pkey);
821
mbedtls_pk_free(&pkey);
827
_libssh2_mbedtls_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
828
unsigned char **method,
830
unsigned char **pubkeydata,
831
size_t *pubkeydata_len,
832
const char *privatekeydata,
833
size_t privatekeydata_len,
834
const char *passphrase)
836
mbedtls_pk_context pkey;
839
void *privatekeydata_nullterm;
843
mbedtls checks in "mbedtls/pkparse.c:1184" if "key[keylen - 1] != '\0'"
844
private-key from memory will fail if the last byte is not a null byte
846
privatekeydata_nullterm = mbedtls_calloc(privatekeydata_len + 1, 1);
847
if(!privatekeydata_nullterm) {850
memcpy(privatekeydata_nullterm, privatekeydata, privatekeydata_len);
852
mbedtls_pk_init(&pkey);
854
pwd_len = passphrase ? strlen((const char *)passphrase) : 0;
855
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
856
ret = mbedtls_pk_parse_key(&pkey,
857
(unsigned char *)privatekeydata_nullterm,
858
privatekeydata_len + 1,
859
(const unsigned char *)passphrase, pwd_len,
860
mbedtls_ctr_drbg_random,
861
&_libssh2_mbedtls_ctr_drbg);
863
ret = mbedtls_pk_parse_key(&pkey,
864
(unsigned char *)privatekeydata_nullterm,
865
privatekeydata_len + 1,
866
(const unsigned char *)passphrase, pwd_len);
868
_libssh2_mbedtls_safe_free(privatekeydata_nullterm, privatekeydata_len);
871
mbedtls_strerror(ret, (char *)buf, sizeof(buf));
872
mbedtls_pk_free(&pkey);
873
return _libssh2_error(session, LIBSSH2_ERROR_FILE, buf);
876
ret = _libssh2_mbedtls_pub_priv_key(session, method, method_len,
877
pubkeydata, pubkeydata_len, &pkey);
879
mbedtls_pk_free(&pkey);
885
_libssh2_mbedtls_sk_pub_keyfilememory(LIBSSH2_SESSION *session,
886
unsigned char **method,
888
unsigned char **pubkeydata,
889
size_t *pubkeydata_len,
891
unsigned char *flags,
892
const char **application,
893
const unsigned char **key_handle,
895
const char *privatekeydata,
896
size_t privatekeydata_len,
897
const char *passphrase)
902
(void)pubkeydata_len;
908
(void)privatekeydata;
909
(void)privatekeydata_len;
912
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
913
"Unable to extract public SK key from private key file: "
914
"Method unimplemented in mbedTLS backend");
917
void _libssh2_init_aes_ctr(void)
919
/* no implementation */
923
/*******************************************************************/
925
* mbedTLS backend: Diffie-Hellman functions
929
_libssh2_dh_init(_libssh2_dh_ctx *dhctx)
931
*dhctx = _libssh2_mbedtls_bignum_init(); /* Random from client */
935
_libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
936
_libssh2_bn *g, _libssh2_bn *p, int group_order)
938
/* Generate x and e */
939
_libssh2_mbedtls_bignum_random(*dhctx, group_order * 8 - 1, 0, -1);
940
mbedtls_mpi_exp_mod(public, g, *dhctx, p, NULL);
945
_libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
946
_libssh2_bn *f, _libssh2_bn *p)
948
/* Compute the shared secret */
949
mbedtls_mpi_exp_mod(secret, f, *dhctx, p, NULL);
954
_libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
956
_libssh2_mbedtls_bignum_free(*dhctx);
962
/*******************************************************************/
964
* mbedTLS backend: ECDSA functions
968
* _libssh2_ecdsa_create_key
970
* Creates a local private key based on input curve
971
* and returns octal value and octal length
976
_libssh2_mbedtls_ecdsa_create_key(LIBSSH2_SESSION *session,
977
_libssh2_ec_key **privkey,
978
unsigned char **pubkey_oct,
979
size_t *pubkey_oct_len,
980
libssh2_curve_type curve)
984
*privkey = LIBSSH2_ALLOC(session, sizeof(mbedtls_ecp_keypair));
989
mbedtls_ecdsa_init(*privkey);
991
if(mbedtls_ecdsa_genkey(*privkey, (mbedtls_ecp_group_id)curve,
992
mbedtls_ctr_drbg_random,
993
&_libssh2_mbedtls_ctr_drbg))
996
plen = 2 * mbedtls_mpi_size(&(*privkey)->MBEDTLS_PRIVATE(grp).P) + 1;
997
*pubkey_oct = LIBSSH2_ALLOC(session, plen);
1002
if(mbedtls_ecp_point_write_binary(&(*privkey)->MBEDTLS_PRIVATE(grp),
1003
&(*privkey)->MBEDTLS_PRIVATE(Q),
1004
MBEDTLS_ECP_PF_UNCOMPRESSED,
1005
pubkey_oct_len, *pubkey_oct, plen) == 0)
1010
_libssh2_mbedtls_ecdsa_free(*privkey);
1011
_libssh2_mbedtls_safe_free(*pubkey_oct, plen);
1017
/* _libssh2_ecdsa_curve_name_with_octal_new
1019
* Creates a new public key given an octal string, length and type
1024
_libssh2_mbedtls_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx **ctx,
1025
const unsigned char *k,
1027
libssh2_curve_type curve)
1029
*ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
1034
mbedtls_ecdsa_init(*ctx);
1036
if(mbedtls_ecp_group_load(&(*ctx)->MBEDTLS_PRIVATE(grp),
1037
(mbedtls_ecp_group_id)curve))
1040
if(mbedtls_ecp_point_read_binary(&(*ctx)->MBEDTLS_PRIVATE(grp),
1041
&(*ctx)->MBEDTLS_PRIVATE(Q),
1045
if(mbedtls_ecp_check_pubkey(&(*ctx)->MBEDTLS_PRIVATE(grp),
1046
&(*ctx)->MBEDTLS_PRIVATE(Q)) == 0)
1051
_libssh2_mbedtls_ecdsa_free(*ctx);
1057
/* _libssh2_ecdh_gen_k
1059
* Computes the shared secret K given a local private key,
1060
* remote public key and length
1064
_libssh2_mbedtls_ecdh_gen_k(_libssh2_bn **k,
1065
_libssh2_ec_key *privkey,
1066
const unsigned char *server_pubkey,
1067
size_t server_pubkey_len)
1069
mbedtls_ecp_point pubkey;
1075
mbedtls_ecp_point_init(&pubkey);
1077
if(mbedtls_ecp_point_read_binary(&privkey->MBEDTLS_PRIVATE(grp),
1079
server_pubkey, server_pubkey_len)) {1084
if(mbedtls_ecdh_compute_shared(&privkey->MBEDTLS_PRIVATE(grp), *k,
1086
&privkey->MBEDTLS_PRIVATE(d),
1087
mbedtls_ctr_drbg_random,
1088
&_libssh2_mbedtls_ctr_drbg)) {1093
if(mbedtls_ecp_check_privkey(&privkey->MBEDTLS_PRIVATE(grp), *k))
1098
mbedtls_ecp_point_free(&pubkey);
1103
#define LIBSSH2_MBEDTLS_ECDSA_VERIFY(digest_type) \
1105
unsigned char hsh[SHA##digest_type##_DIGEST_LENGTH]; \
1107
if(libssh2_sha##digest_type(m, m_len, hsh) == 0) { \1108
rc = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hsh, \
1109
SHA##digest_type##_DIGEST_LENGTH, \
1110
&ctx->MBEDTLS_PRIVATE(Q), &pr, &ps); \
1114
/* _libssh2_ecdsa_verify
1116
* Verifies the ECDSA signature of a hashed message
1121
_libssh2_mbedtls_ecdsa_verify(libssh2_ecdsa_ctx *ctx,
1122
const unsigned char *r, size_t r_len,
1123
const unsigned char *s, size_t s_len,
1124
const unsigned char *m, size_t m_len)
1129
mbedtls_mpi_init(&pr);
1130
mbedtls_mpi_init(&ps);
1132
if(mbedtls_mpi_read_binary(&pr, r, r_len))
1135
if(mbedtls_mpi_read_binary(&ps, s, s_len))
1138
switch(_libssh2_ecdsa_get_curve_type(ctx)) {1139
case LIBSSH2_EC_CURVE_NISTP256:
1140
LIBSSH2_MBEDTLS_ECDSA_VERIFY(256);
1142
case LIBSSH2_EC_CURVE_NISTP384:
1143
LIBSSH2_MBEDTLS_ECDSA_VERIFY(384);
1145
case LIBSSH2_EC_CURVE_NISTP521:
1146
LIBSSH2_MBEDTLS_ECDSA_VERIFY(512);
1154
mbedtls_mpi_free(&pr);
1155
mbedtls_mpi_free(&ps);
1157
return (rc == 0) ? 0 : -1;
1161
_libssh2_mbedtls_parse_eckey(libssh2_ecdsa_ctx **ctx,
1162
mbedtls_pk_context *pkey,
1163
LIBSSH2_SESSION *session,
1164
const unsigned char *data,
1166
const unsigned char *pwd)
1170
pwd_len = pwd ? strlen((const char *) pwd) : 0;
1172
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
1173
if(mbedtls_pk_parse_key(pkey, data, data_len, pwd, pwd_len,
1174
mbedtls_ctr_drbg_random,
1175
&_libssh2_mbedtls_ctr_drbg))
1179
if(mbedtls_pk_parse_key(pkey, data, data_len, pwd, pwd_len))
1183
if(mbedtls_pk_get_type(pkey) != MBEDTLS_PK_ECKEY)
1186
*ctx = LIBSSH2_ALLOC(session, sizeof(libssh2_ecdsa_ctx));
1191
mbedtls_ecdsa_init(*ctx);
1193
if(mbedtls_ecdsa_from_keypair(*ctx, mbedtls_pk_ec(*pkey)) == 0)
1198
_libssh2_mbedtls_ecdsa_free(*ctx);
1205
_libssh2_mbedtls_parse_openssh_key(libssh2_ecdsa_ctx **ctx,
1206
LIBSSH2_SESSION *session,
1207
const unsigned char *data,
1209
const unsigned char *pwd)
1211
libssh2_curve_type type;
1212
unsigned char *name = NULL;
1213
struct string_buf *decrypted = NULL;
1214
size_t curvelen, exponentlen, pointlen;
1215
unsigned char *curve, *exponent, *point_buf;
1217
if(_libssh2_openssh_pem_parse_memory(session, pwd,
1218
(const char *)data, data_len,
1222
if(_libssh2_get_string(decrypted, &name, NULL))
1225
if(_libssh2_mbedtls_ecdsa_curve_type_from_name((const char *)name,
1229
if(_libssh2_get_string(decrypted, &curve, &curvelen))
1232
if(_libssh2_get_string(decrypted, &point_buf, &pointlen))
1235
if(_libssh2_get_bignum_bytes(decrypted, &exponent, &exponentlen))
1238
*ctx = LIBSSH2_ALLOC(session, sizeof(libssh2_ecdsa_ctx));
1243
mbedtls_ecdsa_init(*ctx);
1245
if(mbedtls_ecp_group_load(&(*ctx)->MBEDTLS_PRIVATE(grp),
1246
(mbedtls_ecp_group_id)type))
1249
if(mbedtls_mpi_read_binary(&(*ctx)->MBEDTLS_PRIVATE(d),
1250
exponent, exponentlen))
1253
if(mbedtls_ecp_mul(&(*ctx)->MBEDTLS_PRIVATE(grp),
1254
&(*ctx)->MBEDTLS_PRIVATE(Q),
1255
&(*ctx)->MBEDTLS_PRIVATE(d),
1256
&(*ctx)->MBEDTLS_PRIVATE(grp).G,
1257
mbedtls_ctr_drbg_random,
1258
&_libssh2_mbedtls_ctr_drbg))
1261
if(mbedtls_ecp_check_privkey(&(*ctx)->MBEDTLS_PRIVATE(grp),
1262
&(*ctx)->MBEDTLS_PRIVATE(d)) == 0)
1267
_libssh2_mbedtls_ecdsa_free(*ctx);
1273
_libssh2_string_buf_free(session, decrypted);
1276
return *ctx ? 0 : -1;
1279
/* _libssh2_ecdsa_new_private
1281
* Creates a new private key given a file path and password
1286
_libssh2_mbedtls_ecdsa_new_private(libssh2_ecdsa_ctx **ctx,
1287
LIBSSH2_SESSION *session,
1288
const char *filename,
1289
const unsigned char *pwd)
1291
mbedtls_pk_context pkey;
1292
unsigned char *data;
1295
#if MBEDTLS_VERSION_NUMBER >= 0x03060000 && \
1296
defined(_LIBSSH2_DISABLE_MBEDTLS36_PK_LOAD_FILE)
1298
/* FIXME: implement this functionality via a public API */
1305
if(mbedtls_pk_load_file(filename, &data, &data_len))
1308
mbedtls_pk_init(&pkey);
1310
if(_libssh2_mbedtls_parse_eckey(ctx, &pkey, session,
1311
data, data_len, pwd) == 0)
1314
_libssh2_mbedtls_parse_openssh_key(ctx, session, data, data_len, pwd);
1319
mbedtls_pk_free(&pkey);
1321
_libssh2_mbedtls_safe_free(data, data_len);
1323
return *ctx ? 0 : -1;
1326
/* _libssh2_ecdsa_new_private
1328
* Creates a new private key given a file data and password
1333
_libssh2_mbedtls_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx **ctx,
1334
LIBSSH2_SESSION *session,
1337
const unsigned char *pwd)
1339
unsigned char *ntdata;
1340
mbedtls_pk_context pkey;
1342
mbedtls_pk_init(&pkey);
1344
ntdata = LIBSSH2_ALLOC(session, data_len + 1);
1349
memcpy(ntdata, data, data_len);
1351
if(_libssh2_mbedtls_parse_eckey(ctx, &pkey, session,
1352
ntdata, data_len + 1, pwd) == 0)
1355
_libssh2_mbedtls_parse_openssh_key(ctx, session,
1356
ntdata, data_len + 1, pwd);
1360
mbedtls_pk_free(&pkey);
1362
_libssh2_mbedtls_safe_free(ntdata, data_len);
1364
return *ctx ? 0 : -1;
1367
static unsigned char *
1368
_libssh2_mbedtls_mpi_write_binary(unsigned char *buf,
1369
const mbedtls_mpi *mpi,
1372
unsigned char *p = buf;
1373
uint32_t size = (uint32_t)bytes;
1375
if(sizeof(&p) / sizeof(p[0]) < 4) {1383
mbedtls_mpi_write_binary(mpi, p + 1, size - 1);
1386
if(size > 0 && !(*(p + 1) & 0x80)) {1387
memmove(p, p + 1, --size);
1390
_libssh2_htonu32(p - 4, size);
1397
/* _libssh2_ecdsa_sign
1399
* Computes the ECDSA signature of a previously-hashed message
1404
_libssh2_mbedtls_ecdsa_sign(LIBSSH2_SESSION *session,
1405
libssh2_ecdsa_ctx *ctx,
1406
const unsigned char *hash,
1408
unsigned char **sign,
1411
size_t r_len, s_len, tmp_sign_len = 0;
1412
unsigned char *sp, *tmp_sign = NULL;
1415
mbedtls_mpi_init(&pr);
1416
mbedtls_mpi_init(&ps);
1418
if(mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &pr, &ps,
1419
&ctx->MBEDTLS_PRIVATE(d),
1421
mbedtls_ctr_drbg_random,
1422
&_libssh2_mbedtls_ctr_drbg))
1425
r_len = mbedtls_mpi_size(&pr) + 1;
1426
s_len = mbedtls_mpi_size(&ps) + 1;
1427
tmp_sign_len = r_len + s_len + 8;
1429
tmp_sign = LIBSSH2_CALLOC(session, tmp_sign_len);
1435
sp = _libssh2_mbedtls_mpi_write_binary(sp, &pr, r_len);
1436
sp = _libssh2_mbedtls_mpi_write_binary(sp, &ps, s_len);
1438
*sign_len = (size_t)(sp - tmp_sign);
1440
*sign = LIBSSH2_CALLOC(session, *sign_len);
1445
memcpy(*sign, tmp_sign, *sign_len);
1449
mbedtls_mpi_free(&pr);
1450
mbedtls_mpi_free(&ps);
1452
_libssh2_mbedtls_safe_free(tmp_sign, tmp_sign_len);
1454
return *sign ? 0 : -1;
1457
/* _libssh2_ecdsa_get_curve_type
1459
* returns key curve type that maps to libssh2_curve_type
1464
_libssh2_mbedtls_ecdsa_get_curve_type(libssh2_ecdsa_ctx *ctx)
1466
return (libssh2_curve_type) ctx->MBEDTLS_PRIVATE(grp).id;
1469
/* _libssh2_ecdsa_curve_type_from_name
1471
* returns 0 for success, key curve type that maps to libssh2_curve_type
1476
_libssh2_mbedtls_ecdsa_curve_type_from_name(const char *name,
1477
libssh2_curve_type *out_type)
1480
libssh2_curve_type type;
1482
if(!name || strlen(name) != 19)
1485
if(strcmp(name, "ecdsa-sha2-nistp256") == 0)
1486
type = LIBSSH2_EC_CURVE_NISTP256;
1487
else if(strcmp(name, "ecdsa-sha2-nistp384") == 0)
1488
type = LIBSSH2_EC_CURVE_NISTP384;
1489
else if(strcmp(name, "ecdsa-sha2-nistp521") == 0)
1490
type = LIBSSH2_EC_CURVE_NISTP521;
1495
if(ret == 0 && out_type) {1503
_libssh2_mbedtls_ecdsa_free(libssh2_ecdsa_ctx *ctx)
1505
mbedtls_ecdsa_free(ctx);
1508
#endif /* LIBSSH2_ECDSA */
1511
/* _libssh2_supported_key_sign_algorithms
1513
* Return supported key hash algo upgrades, see crypto.h
1518
_libssh2_supported_key_sign_algorithms(LIBSSH2_SESSION *session,
1519
unsigned char *key_method,
1520
size_t key_method_len)
1525
if(key_method_len == 7 &&
1526
memcmp(key_method, "ssh-rsa", key_method_len) == 0) {1527
return "rsa-sha2-512,rsa-sha2-256"
1538
#endif /* LIBSSH2_CRYPTO_C */