33#elif defined(HAVE_LIBMBEDCRYPTO) 
   34#include <mbedtls/gcm.h> 
   36#include "libssh/wrapper.h" 
   45#ifdef HAVE_OPENSSL_ECDH_H 
   46#include <openssl/ecdh.h> 
   49#include "libssh/ecdh.h" 
   50#include "libssh/kex.h" 
   51#include "libssh/curve25519.h" 
   /* Size in bytes of the hmacbuf scratch array in struct ssh_crypto_struct.
    * 64 bytes is the output size of SHA-512, the widest digest named by the
    * key-exchange identifiers in this header (presumably why it was chosen). */
   53#define DIGEST_MAX_LEN 64 
   /* AES-GCM authentication tag length in bytes (a full 128-bit tag). */
   55#define AES_GCM_TAGLEN 16 
   /* AES-GCM IV length in bytes (96 bits); sizes the last_iv arrays in
    * struct ssh_cipher_struct. */
   56#define AES_GCM_IVLEN  12 
   /* Identifiers for the key-exchange method stored in
    * ssh_crypto_struct.kex_type. Numbering starts at 1, so a zero-initialised
    * kex_type equals none of the enumerators shown here.
    * NOTE(review): the line numbers embedded in this listing have gaps, so
    * enumerators may be missing between the entries below. */
   58enum ssh_key_exchange_e {
 
   /* diffie-hellman-group1-sha1: 1024-bit MODP group hashed with SHA-1.
    * Legacy; both parameters are below current strength recommendations. */
   60  SSH_KEX_DH_GROUP1_SHA1=1,
 
   /* diffie-hellman-group14-sha1: 2048-bit MODP group, still SHA-1. */
   62  SSH_KEX_DH_GROUP14_SHA1,
 
   /* diffie-hellman-group-exchange-sha256: the group is negotiated at run
    * time rather than fixed (presumably bounded by dh_pmin/dh_pn/dh_pmax in
    * struct ssh_crypto_struct - confirm). */
   67  SSH_KEX_DH_GEX_SHA256,
 
   /* ecdh-sha2-nistp256 */
   70  SSH_KEX_ECDH_SHA2_NISTP256,
 
   /* ecdh-sha2-nistp384 */
   72  SSH_KEX_ECDH_SHA2_NISTP384,
 
   /* ecdh-sha2-nistp521 */
   74  SSH_KEX_ECDH_SHA2_NISTP521,
 
   /* curve25519-sha256@libssh.org: the vendor-suffixed name for the
    * Curve25519 exchange. */
   76  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
 
   /* curve25519-sha256: the unsuffixed name for the Curve25519 exchange. */
   78  SSH_KEX_CURVE25519_SHA256,
 
   /* diffie-hellman-group16-sha512: 4096-bit MODP group. */
   80  SSH_KEX_DH_GROUP16_SHA512,
 
   /* diffie-hellman-group18-sha512: 8192-bit MODP group. */
   82  SSH_KEX_DH_GROUP18_SHA512,
 
   /* diffie-hellman-group14-sha256: 2048-bit MODP group with SHA-256 in
    * place of SHA-1. */
   84  SSH_KEX_DH_GROUP14_SHA256,
 
  101    SSH_AEAD_CHACHA20_POLY1305
 
  /* Cryptographic state for key exchange and packet protection: the shared
   * secret, ephemeral private keys, derived IVs/keys/MAC keys, the selected
   * ciphers and MACs, and the negotiated method lists.
   * Most members hold secret material.
   * NOTE(review): the release path is not visible in this listing - confirm
   * it wipes shared_secret, the private keys, secret_hash and every
   * encrypt*/decrypt* buffer with a non-elidable clear before freeing. */
  106struct ssh_crypto_struct {
 
  /* Key-exchange shared secret. Secret. */
  107    bignum shared_secret;
 
  /* Diffie-Hellman context (opaque here; defined elsewhere). */
  108    struct dh_ctx *dh_ctx;
 
  /* presumably the minimum / preferred / maximum modulus size for DH group
   * exchange - confirm units (bits vs bytes) against the users of these
   * fields before using them in a bounds check. */
  110    size_t dh_pmin; 
size_t dh_pn; 
size_t dh_pmax; 
 
  /* ECDH ephemeral private key; its type depends on the crypto backend and,
   * for OpenSSL, on the library version. Secret. */
  113#ifdef HAVE_OPENSSL_ECC 
  114#if OPENSSL_VERSION_NUMBER < 0x30000000L 
  115    EC_KEY *ecdh_privkey;
 
  117    EVP_PKEY *ecdh_privkey;
 
  119#elif defined HAVE_GCRYPT_ECC 
  120    gcry_sexp_t ecdh_privkey;
 
  121#elif defined HAVE_LIBMBEDCRYPTO 
  122    mbedtls_ecp_keypair *ecdh_privkey;
 
  /* ECDH public values of the two peers. */
  124    ssh_string ecdh_client_pubkey;
 
  125    ssh_string ecdh_server_pubkey;
 
  /* Curve25519 key material; only curve25519_privkey is secret. */
  127#ifdef HAVE_CURVE25519 
  128    ssh_curve25519_privkey curve25519_privkey;
 
  129    ssh_curve25519_pubkey curve25519_client_pubkey;
 
  130    ssh_curve25519_pubkey curve25519_server_pubkey;
 
  /* presumably the server's signature over the exchange hash, checked against
   * server_pubkey - confirm where verification happens. */
  132    ssh_string dh_server_signature; 
 
  /* Session identifier buffer and its length in bytes. */
  133    size_t session_id_len;
 
  134    unsigned char *session_id;
 
  /* presumably the exchange hash that feeds key derivation - confirm. */
  136    unsigned char *secret_hash; 
 
  /* Derived IVs, cipher keys and MAC keys for each direction. These are bare
   * pointers with no length stored beside them; the sizes must come from the
   * selected cipher/MAC. Secret. */
  137    unsigned char *encryptIV;
 
  138    unsigned char *decryptIV;
 
  139    unsigned char *decryptkey;
 
  140    unsigned char *encryptkey;
 
  141    unsigned char *encryptMAC;
 
  142    unsigned char *decryptMAC;
 
  /* Scratch buffer of DIGEST_MAX_LEN bytes for a MAC value; any digest
   * written here must not exceed that size. */
  143    unsigned char hmacbuf[DIGEST_MAX_LEN];
 
  /* Active cipher descriptors for incoming and outgoing packets. */
  144    struct ssh_cipher_struct *in_cipher, *out_cipher; 
 
  /* MAC algorithm selected for each direction. */
  145    enum ssh_hmac_e in_hmac, out_hmac; 
 
  /* presumably true when the direction uses an encrypt-then-MAC variant -
   * confirm. */
  146    bool in_hmac_etm, out_hmac_etm; 
 
  /* Server public key (opaque ssh_key). NOTE(review): authenticity of the
   * whole exchange rests on this key being verified by the caller - confirm
   * against the known-hosts handling. */
  148    ssh_key server_pubkey;
 
  /* Compression state. presumably the delayed_* flags mark compression that
   * only starts after authentication - confirm. */
  151    int delayed_compress_in; 
 
  152    int delayed_compress_out;
 
  153    void *compress_out_ctx; 
 
  154    void *compress_in_ctx; 
 
  /* Algorithm lists of each side and the methods chosen from them. */
  156    struct ssh_kex_struct server_kex;
 
  157    struct ssh_kex_struct client_kex;
 
  158    char *kex_methods[SSH_KEX_METHODS];
 
  /* Selected key-exchange method and the digest used for key derivation. */
  159    enum ssh_key_exchange_e kex_type;
 
  160    enum ssh_kdf_digest digest_type; 
 
  /* presumably records which direction(s) this state is already in use for -
   * confirm. */
  161    enum ssh_crypto_direction_e used; 
 
  /* One symmetric cipher: its size parameters, backend-specific key state
   * (chosen at compile time by the HAVE_* macros) and a table of function
   * pointers implementing it.
   * NOTE(review): the line numbers embedded in this listing have gaps, so
   * members and preprocessor lines may be missing between the entries below. */
  164struct ssh_cipher_struct {
 
  /* Cipher block size (presumably in bytes - confirm). */
  166    unsigned int blocksize; 
 
  167    enum ssh_cipher_e ciphertype;
 
  /* presumably the block size applied to the packet-length field, which may
   * differ from blocksize - confirm. */
  168    uint32_t lenfield_blocksize; 
 
  /* Backend key handle plus the last AES-GCM IV. NOTE(review): GCM loses its
   * security guarantees if an IV repeats under one key; presumably last_iv
   * carries the per-packet IV counter - confirm it is advanced for every
   * packet. */
  171    gcry_cipher_hd_t *key;
 
  172    unsigned char last_iv[AES_GCM_IVLEN];
 
  /* libcrypto backend: key schedules and the EVP cipher descriptor. */
  173#elif defined HAVE_LIBCRYPTO 
  174    struct ssh_3des_key_schedule *des3_key;
 
  175    struct ssh_aes_key_schedule *aes_key;
 
  176    const EVP_CIPHER *cipher;
 
  /* mbedTLS backend: separate contexts for each direction, plus a GCM context
   * and IV with the same reuse caveat as above. */
  178#elif defined HAVE_LIBMBEDCRYPTO 
  179    mbedtls_cipher_context_t encrypt_ctx;
 
  180    mbedtls_cipher_context_t decrypt_ctx;
 
  181    mbedtls_cipher_type_t type;
 
  183    mbedtls_gcm_context gcm_ctx;
 
  184    unsigned char last_iv[AES_GCM_IVLEN];
 
  /* Key schedule for the ChaCha20-Poly1305 cipher. Secret. */
  187    struct chacha20_poly1305_keysched *chacha20_schedule;
 
  /* Key size (presumably in bytes - confirm). */
  188    unsigned int keysize; 
 
  /* Key setup hooks; return int (convention not visible here).
   * key and IV are untyped and carry no length, so each implementation must
   * know the sizes itself - presumably keysize and the cipher's IV length;
   * confirm callers always pass buffers at least that large. */
  196    int (*set_encrypt_key)(
struct ssh_cipher_struct *cipher, 
void *key, 
void *IV);
 
  197    int (*set_decrypt_key)(
struct ssh_cipher_struct *cipher, 
void *key, 
void *IV);
 
  /* Non-AEAD encrypt/decrypt hooks. They return void, so they cannot report
   * failure. The rest of each parameter list is cut off in this listing. */
  198    void (*encrypt)(
struct ssh_cipher_struct *cipher,
 
  202    void (*decrypt)(
struct ssh_cipher_struct *cipher,
 
  /* AEAD encryption of len bytes from in to out; mac receives the tag and seq
   * is a 64-bit sequence number (presumably the packet sequence number used
   * to form the nonce - confirm). */
  206    void (*aead_encrypt)(
struct ssh_cipher_struct *cipher, 
void *in, 
void *out,
 
  207        size_t len, uint8_t *mac, uint64_t seq);
 
  /* presumably decrypts only the packet-length field before the tag has been
   * checked - confirm. NOTE(review): if so, the caller must bound-check the
   * decoded length before allocating or reading based on it. */
  208    int (*aead_decrypt_length)(
struct ssh_cipher_struct *cipher, 
void *in,
 
  209        uint8_t *out, 
size_t len, uint64_t seq);
 
  /* AEAD decryption of a complete packet. Returns int; presumably an error on
   * tag mismatch - callers must check it before trusting out. Confirm the
   * return convention. */
  210    int (*aead_decrypt)(
struct ssh_cipher_struct *cipher, 
void *complete_packet, uint8_t *out,
 
  211        size_t encrypted_size, uint64_t seq);
 
  /* Releases the cipher's backend state. NOTE(review): confirm each
   * implementation wipes key schedules before freeing them. */
  212    void (*cleanup)(
struct ssh_cipher_struct *cipher);
 
  /* Returns a pointer to a const cipher descriptor; judging by the name, the
   * ChaCha20-Poly1305 one. The const return type means callers must copy it
   * before filling in per-session state. */
  219const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(
void);
 
  /* Key derivation entry point. Takes the crypto state, an input key buffer
   * with its length, a one-byte key_type, and an output buffer with the
   * number of bytes requested. Returns int (convention not visible here).
   * presumably key_type is the single-letter label ('A'..'F') that the SSH
   * transport key derivation uses to separate IVs, cipher keys and MAC keys -
   * confirm.
   * NOTE(review): output must have room for requested_len bytes; nothing in
   * the signature carries the capacity of the destination. */
  220int sshkdf_derive_key(
struct ssh_crypto_struct *crypto,
 
  221                      unsigned char *key, 
size_t key_len,
 
  222                      uint8_t key_type, 
unsigned char *output,
 
  223                      size_t requested_len);
 
  /* Compares n bytes of s1 and s2. The name indicates a comparison meant for
   * secrets such as MAC tags, where timing must not depend on the position of
   * the first mismatch.
   * NOTE(review): the implementation is not visible here - confirm it does
   * not return early, and check the return convention before relying on any
   * ordering beyond equal / not equal. */
  225int secure_memcmp(
const void *s1, 
const void *s2, 
size_t n);
 
  /* Declared only for libcrypto builds without WITH_PKCS11_PROVIDER. Returns
   * an OpenSSL ENGINE handle; the ENGINE API is deprecated as of OpenSSL 3.0.
   * The closing #endif of this conditional is not part of this listing. */
  226#if defined(HAVE_LIBCRYPTO) && !defined(WITH_PKCS11_PROVIDER) 
  227ENGINE *pki_get_engine(
void);
 
  /* Cleanup hook for compression state; presumably releases compress_in_ctx
   * and compress_out_ctx of the given crypto struct - confirm that it also
   * resets those pointers, so a second call cannot free them twice. */
  230void compress_cleanup(
struct ssh_crypto_struct *crypto);