1 #ifndef __LIBSSH2_OPENSSL_H 2 #define __LIBSSH2_OPENSSL_H 3 /* Copyright (C) 2009, 2010 Simon Josefsson 4 * Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved. 5 * 6 * Author: Simon Josefsson 7 * 8 * Redistribution and use in source and binary forms, 9 * with or without modification, are permitted provided 10 * that the following conditions are met: 11 * 12 * Redistributions of source code must retain the above 13 * copyright notice, this list of conditions and the 14 * following disclaimer. 15 * 16 * Redistributions in binary form must reproduce the above 17 * copyright notice, this list of conditions and the following 18 * disclaimer in the documentation and/or other materials 19 * provided with the distribution. 20 * 21 * Neither the name of the copyright holder nor the names 22 * of any other contributors may be used to endorse or 23 * promote products derived from this software without 24 * specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 27 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 28 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 32 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 34 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 35 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 36 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 37 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 38 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 39 * OF SUCH DAMAGE. 
*/

#include <openssl/opensslconf.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rand.h>

/*
 * OpenSSL 1.1.0 (0x10100000L) made EVP_MD_CTX, HMAC_CTX and EVP_CIPHER_CTX
 * opaque, so contexts must be heap-allocated through the *_new()/*_free()
 * API instead of living on the stack.  LibreSSL reports a version number
 * above that threshold but, in the releases this code targets, kept the
 * non-opaque layout, hence the explicit exclusion.  Every *_ctx macro
 * below switches on this symbol.
 */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    !defined(LIBRESSL_VERSION_NUMBER)
# define HAVE_OPAQUE_STRUCTS 1
#endif

/*
 * Algorithm availability flags.  Each LIBSSH2_* flag mirrors the matching
 * OPENSSL_NO_* build option: 1 when the algorithm was compiled into the
 * OpenSSL in use, 0 when it was left out.  They express availability only;
 * which algorithms are actually offered to a peer is decided elsewhere.
 */
#ifdef OPENSSL_NO_RSA
# define LIBSSH2_RSA 0
#else
# define LIBSSH2_RSA 1
#endif

#ifdef OPENSSL_NO_DSA
# define LIBSSH2_DSA 0
#else
# define LIBSSH2_DSA 1
#endif

#ifdef OPENSSL_NO_ECDSA
# define LIBSSH2_ECDSA 0
#else
# define LIBSSH2_ECDSA 1
#endif

/* Ed25519/X25519 need the EVP_PKEY support that arrived in OpenSSL 1.1.1
 * (0x10101000L); LibreSSL is excluded for the same reason as above. */
#if OPENSSL_VERSION_NUMBER >= 0x10101000L && \
    !defined(LIBRESSL_VERSION_NUMBER)
# define LIBSSH2_ED25519 1
#else
# define LIBSSH2_ED25519 0
#endif


/* MD5 and RIPEMD-160 are legacy digests kept for interoperability; these
 * flags only record whether the OpenSSL build still provides them. */
#ifdef OPENSSL_NO_MD5
# define LIBSSH2_MD5 0
#else
# define LIBSSH2_MD5 1
#endif

#ifdef OPENSSL_NO_RIPEMD
# define LIBSSH2_HMAC_RIPEMD 0
#else
# define LIBSSH2_HMAC_RIPEMD 1
#endif

/* SHA-2 HMACs are assumed present in every OpenSSL this backend supports. */
#define LIBSSH2_HMAC_SHA256 1
#define LIBSSH2_HMAC_SHA512 1

/* AES (and with it the CTR wrappers) first shipped in OpenSSL 0.9.7
 * (0x00907000L). */
#if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
# define LIBSSH2_AES_CTR 1
# define LIBSSH2_AES 1
#else
# define LIBSSH2_AES_CTR 0
# define LIBSSH2_AES 0
#endif

/* Blowfish, RC4, CAST5 and 3DES are legacy ciphers retained for old peers;
 * as above, the flags track availability in the OpenSSL build only. */
#ifdef OPENSSL_NO_BF
# define LIBSSH2_BLOWFISH 0
#else
# define LIBSSH2_BLOWFISH 1
#endif

#ifdef OPENSSL_NO_RC4
# define LIBSSH2_RC4 0
#else
# define LIBSSH2_RC4 1
#endif

#ifdef OPENSSL_NO_CAST
# define LIBSSH2_CAST 0
#else
# define LIBSSH2_CAST 1
#endif

#ifdef OPENSSL_NO_DES
# define LIBSSH2_3DES 0
#else
# define LIBSSH2_3DES 1
#endif

/*
 * Largest encoded EC public point this backend handles: P-521 coordinates
 * padded to 66 bytes (528 bits) each, two coordinates, plus the one-byte
 * point-format prefix -> 133 bytes.
 */
#define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)

/*
 * Fill buf with len bytes from OpenSSL's CSPRNG.  RAND_bytes() returns 1 on
 * success and 0 when no randomness could be produced; the macro passes that
 * result straight through, so callers must check it -- on failure buf holds
 * nothing usable as key material, a nonce or padding.
 */
#define _libssh2_random(buf, len) RAND_bytes ((buf), (len))

/* No per-iovec preparation is needed with OpenSSL; expands to nothing. */
#define libssh2_prepare_iovec(vec, len) /* Empty. */

/*
 * Message digest contexts.
 *
 * With opaque OpenSSL structs a libssh2_*_ctx is an EVP_MD_CTX pointer:
 * _libssh2_*_init() receives it by address (presumably to allocate it) and
 * the *_final macro releases it with EVP_MD_CTX_free(), so a context must
 * not be touched after *_final.  With the legacy layout the context is an
 * EVP_MD_CTX value and the macros take its address.  Note the asymmetry:
 * the opaque-struct *_final macros discard the EVP_DigestFinal() result,
 * whereas the legacy variants evaluate to it.  The *_update macros evaluate
 * to EVP_DigestUpdate()'s 1/0 result in both branches.
 */
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha1_ctx EVP_MD_CTX *
#else
#define libssh2_sha1_ctx EVP_MD_CTX
#endif

/* Prepare ctx for SHA-1; returns 0 in case of failure. */
int _libssh2_sha1_init(libssh2_sha1_ctx *ctx);
#define libssh2_sha1_init(x) _libssh2_sha1_init(x)
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
#define libssh2_sha1_final(ctx, out) do { \
    EVP_DigestFinal(ctx, out, NULL); \
    EVP_MD_CTX_free(ctx); \
} while(0)
#else
#define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha1_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
/* One-shot SHA-1 of message (len bytes) into out. */
int _libssh2_sha1(const unsigned char *message, unsigned long len,
                  unsigned char *out);
#define libssh2_sha1(x,y,z) _libssh2_sha1(x,y,z)

#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha256_ctx EVP_MD_CTX *
#else
#define libssh2_sha256_ctx EVP_MD_CTX
#endif

/* Prepare ctx for SHA-256; returns 0 in case of failure. */
int _libssh2_sha256_init(libssh2_sha256_ctx *ctx);
#define libssh2_sha256_init(x) _libssh2_sha256_init(x)
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha256_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
#define libssh2_sha256_final(ctx, out) do { \
    EVP_DigestFinal(ctx, out, NULL); \
    EVP_MD_CTX_free(ctx); \
} while(0)
#else
#define libssh2_sha256_update(ctx, data, len) \
    EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha256_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
/* One-shot SHA-256 of message (len bytes) into out. */
int _libssh2_sha256(const unsigned char *message, unsigned long len,
                    unsigned char *out);
#define libssh2_sha256(x,y,z) _libssh2_sha256(x,y,z)

#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha384_ctx EVP_MD_CTX *
#else
#define libssh2_sha384_ctx EVP_MD_CTX
#endif

/* Prepare ctx for SHA-384; returns 0 in case of failure. */
int _libssh2_sha384_init(libssh2_sha384_ctx *ctx);
#define libssh2_sha384_init(x) _libssh2_sha384_init(x)
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha384_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
#define libssh2_sha384_final(ctx, out) do { \
    EVP_DigestFinal(ctx, out, NULL); \
    EVP_MD_CTX_free(ctx); \
} while(0)
#else
#define libssh2_sha384_update(ctx, data, len) \
    EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha384_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
/* One-shot SHA-384 of message (len bytes) into out. */
int _libssh2_sha384(const unsigned char *message, unsigned long len,
                    unsigned char *out);
#define libssh2_sha384(x,y,z) _libssh2_sha384(x,y,z)

#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha512_ctx EVP_MD_CTX *
#else
#define libssh2_sha512_ctx EVP_MD_CTX
#endif

/* Prepare ctx for SHA-512; returns 0 in case of failure. */
int _libssh2_sha512_init(libssh2_sha512_ctx *ctx);
#define libssh2_sha512_init(x) _libssh2_sha512_init(x)
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_sha512_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
#define libssh2_sha512_final(ctx, out) do { \
    EVP_DigestFinal(ctx, out, NULL); \
    EVP_MD_CTX_free(ctx); \
} while(0)
#else
#define libssh2_sha512_update(ctx, data, len) \
    EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_sha512_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif
/* One-shot SHA-512 of message (len bytes) into out. */
int _libssh2_sha512(const unsigned char *message, unsigned long len,
                    unsigned char *out);
#define libssh2_sha512(x,y,z) _libssh2_sha512(x,y,z)

/* MD5 is a legacy digest kept for compatibility only (see LIBSSH2_MD5);
 * there is no one-shot helper for it, only the incremental API. */
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_md5_ctx EVP_MD_CTX *
#else
#define libssh2_md5_ctx EVP_MD_CTX
#endif

/* Prepare ctx for MD5; returns 0 in case of failure. */
int _libssh2_md5_init(libssh2_md5_ctx *ctx);
#define libssh2_md5_init(x) _libssh2_md5_init(x)
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
#define libssh2_md5_final(ctx, out) do { \
    EVP_DigestFinal(ctx, out, NULL); \
    EVP_MD_CTX_free(ctx); \
} while(0)
#else
#define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
#define libssh2_md5_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
#endif

/*
 * HMAC contexts.
 *
 * The calling convention is the same in both branches: libssh2_hmac_ctx_init,
 * libssh2_hmac_update and libssh2_hmac_final take the libssh2_hmac_ctx
 * variable itself, while the keyed libssh2_hmac_*_init macros and
 * libssh2_hmac_cleanup take its address.
 *
 * With opaque structs the context is an HMAC_CTX pointer.  HMAC_CTX_new()
 * returns NULL on allocation failure and libssh2_hmac_ctx_init assigns the
 * result unchecked, so the caller must test the context before the keyed
 * *_init macros dereference it.  HMAC_Init_ex(), HMAC_Update() and
 * HMAC_Final() return 1 on success and 0 on failure; the corresponding
 * macros evaluate to that value.  HMAC_Final() is called with a NULL length
 * pointer, so out must be sized for the full digest of the chosen hash.
 */
#ifdef HAVE_OPAQUE_STRUCTS
#define libssh2_hmac_ctx HMAC_CTX *
#define libssh2_hmac_ctx_init(ctx) ctx = HMAC_CTX_new()
#define libssh2_hmac_sha1_init(ctx, key, keylen) \
  HMAC_Init_ex(*(ctx), key, keylen, EVP_sha1(), NULL)
#define libssh2_hmac_md5_init(ctx, key, keylen) \
  HMAC_Init_ex(*(ctx), key, keylen, EVP_md5(), NULL)
#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
  HMAC_Init_ex(*(ctx), key, keylen, EVP_ripemd160(), NULL)
#define libssh2_hmac_sha256_init(ctx, key, keylen) \
  HMAC_Init_ex(*(ctx), key, keylen, EVP_sha256(), NULL)
#define libssh2_hmac_sha512_init(ctx, key, keylen) \
  HMAC_Init_ex(*(ctx), key, keylen, EVP_sha512(), NULL)

#define libssh2_hmac_update(ctx, data, datalen) \
  HMAC_Update(ctx, data, datalen)
#define libssh2_hmac_final(ctx, data) HMAC_Final(ctx, data, NULL)
#define libssh2_hmac_cleanup(ctx) HMAC_CTX_free(*(ctx))
#else
/* Legacy layout: the context is an HMAC_CTX value on the caller's side;
 * HMAC_CTX_init() is void, so ctx_init cannot fail here. */
#define libssh2_hmac_ctx HMAC_CTX
#define libssh2_hmac_ctx_init(ctx) \
  HMAC_CTX_init(&ctx)
#define libssh2_hmac_sha1_init(ctx, key, keylen) \
  HMAC_Init_ex(ctx, key, keylen, EVP_sha1(), NULL)
#define libssh2_hmac_md5_init(ctx, key, keylen) \
  HMAC_Init_ex(ctx, key, keylen, EVP_md5(), NULL)
#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
  HMAC_Init_ex(ctx, key, keylen, EVP_ripemd160(), NULL)
#define libssh2_hmac_sha256_init(ctx, key, keylen) \
  HMAC_Init_ex(ctx, key, keylen, EVP_sha256(), NULL)
#define libssh2_hmac_sha512_init(ctx, key, keylen) \
  HMAC_Init_ex(ctx, key, keylen, EVP_sha512(), NULL)

#define libssh2_hmac_update(ctx, data, datalen) \
  HMAC_Update(&(ctx), data, datalen)
#define libssh2_hmac_final(ctx, data) HMAC_Final(&(ctx), data, NULL)
#define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
#endif

/* Backend-wide one-time set-up and tear-down; defined in the backend's
 * .c file and reached through the generic libssh2_crypto_* names. */
extern void _libssh2_openssl_crypto_init(void);
extern void _libssh2_openssl_crypto_exit(void);
#define libssh2_crypto_init() _libssh2_openssl_crypto_init()
#define libssh2_crypto_exit() _libssh2_openssl_crypto_exit()

/* Asymmetric key handles map directly onto OpenSSL's own key types, and
 * the *_free macros onto the matching OpenSSL destructors. */
#define libssh2_rsa_ctx RSA

#define _libssh2_rsa_free(rsactx) RSA_free(rsactx)

#define libssh2_dsa_ctx DSA

#define _libssh2_dsa_free(dsactx) DSA_free(dsactx)

#if LIBSSH2_ECDSA
#define libssh2_ecdsa_ctx EC_KEY
#define _libssh2_ecdsa_free(ecdsactx) EC_KEY_free(ecdsactx)
#define _libssh2_ec_key EC_KEY

/* Curve identifiers are OpenSSL NIDs, so a libssh2_curve_type can be handed
 * straight to OpenSSL calls that take a curve NID. */
typedef enum {
    LIBSSH2_EC_CURVE_NISTP256 = NID_X9_62_prime256v1,
    LIBSSH2_EC_CURVE_NISTP384 = NID_secp384r1,
    LIBSSH2_EC_CURVE_NISTP521 = NID_secp521r1
}
libssh2_curve_type;
#else
/* Without ECDSA the key type is a placeholder, presumably so that code
 * holding a _libssh2_ec_key pointer still compiles. */
#define _libssh2_ec_key void
#endif /* LIBSSH2_ECDSA */

/* Ed25519 (signatures) and X25519 (key exchange) keys are both plain
 * EVP_PKEY objects and share the EVP_PKEY_free() destructor. */
#if LIBSSH2_ED25519
#define libssh2_ed25519_ctx EVP_PKEY
#define libssh2_x25519_ctx EVP_PKEY

#define _libssh2_ed25519_free(ctx) EVP_PKEY_free(ctx)
#define _libssh2_x25519_free(ctx) EVP_PKEY_free(ctx)
#endif /* ED25519 */

/* Declares a function pointer `name` returning the EVP cipher to use. */
#define _libssh2_cipher_type(name) const EVP_CIPHER *(*name)(void)
#ifdef HAVE_OPAQUE_STRUCTS
#define _libssh2_cipher_ctx EVP_CIPHER_CTX *
#else
#define _libssh2_cipher_ctx EVP_CIPHER_CTX
#endif

/* AES in CBC mode.  CTR mode uses OpenSSL's EVP_aes_*_ctr when the build
 * has it (HAVE_EVP_AES_128_CTR), otherwise libssh2's own
 * _libssh2_EVP_aes_*_ctr wrappers declared later in this header. */
#define _libssh2_cipher_aes256 EVP_aes_256_cbc
#define _libssh2_cipher_aes192 EVP_aes_192_cbc
#define _libssh2_cipher_aes128 EVP_aes_128_cbc
#ifdef HAVE_EVP_AES_128_CTR
#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
#else
#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
#endif
/* Legacy ciphers (Blowfish-CBC, RC4, CAST5-CBC, 3DES-CBC) retained for
 * interoperability with old peers; see the LIBSSH2_BLOWFISH/RC4/CAST/3DES
 * availability flags above. */
#define _libssh2_cipher_blowfish EVP_bf_cbc
#define _libssh2_cipher_arcfour EVP_rc4
#define _libssh2_cipher_cast5 EVP_cast5_cbc
#define _libssh2_cipher_3des EVP_des_ede3_cbc

/* Destroy a cipher context: pass the address of the _libssh2_cipher_ctx
 * variable in both branches.  EVP_CIPHER_CTX_free()/EVP_CIPHER_CTX_cleanup()
 * clear the context's cipher state before releasing it. */
#ifdef HAVE_OPAQUE_STRUCTS
#define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_free(*(ctx))
#else
#define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_cleanup(ctx)
#endif

/*
 * Big-number wrappers over OpenSSL BIGNUM.
 *
 * _libssh2_bn_from_bin takes (bn, len, val) but BN_bin2bn() wants
 * (val, len, bn) -- note the swapped argument order.  BN_bn2bin() writes
 * exactly _libssh2_bn_bytes(bn) bytes with no leading zeros, so val must be
 * at least that large.  _libssh2_bn_free uses BN_clear_free(), which
 * overwrites the number before releasing it, so private exponents and
 * shared secrets do not linger in freed memory.
 */
#define _libssh2_bn BIGNUM
#define _libssh2_bn_ctx BN_CTX
#define _libssh2_bn_ctx_new() BN_CTX_new()
#define _libssh2_bn_ctx_free(bnctx) BN_CTX_free(bnctx)
#define _libssh2_bn_init() BN_new()
#define _libssh2_bn_init_from_bin() _libssh2_bn_init()
#define _libssh2_bn_set_word(bn, val) BN_set_word(bn, val)
#define _libssh2_bn_from_bin(bn, len, val) BN_bin2bn(val, len, bn)
#define _libssh2_bn_to_bin(bn, val) BN_bn2bin(bn, val)
#define _libssh2_bn_bytes(bn) BN_num_bytes(bn)
#define _libssh2_bn_bits(bn) BN_num_bits(bn)
#define _libssh2_bn_free(bn) BN_clear_free(bn)

/*
 * Diffie-Hellman key exchange.  The context is a single BIGNUM pointer and
 * the parameter names follow RFC 4253 (g, p, f).
 * NOTE(review): presumably the BIGNUM holds the private exponent, with
 * key_pair deriving `public` from g and p and `secret` computing the shared
 * secret from f and p; the meaning of group_order and the return codes of
 * the int functions are not stated here -- confirm against the definitions
 * in the backend .c file.
 */
#define _libssh2_dh_ctx BIGNUM *
#define libssh2_dh_init(dhctx) _libssh2_dh_init(dhctx)
#define libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx) \
  _libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx)
#define libssh2_dh_secret(dhctx, secret, f, p, bnctx) \
  _libssh2_dh_secret(dhctx, secret, f, p, bnctx)
#define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx)
extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx);
extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
                                _libssh2_bn *g, _libssh2_bn *p,
                                int group_order,
                                _libssh2_bn_ctx *bnctx);
extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
                              _libssh2_bn *f, _libssh2_bn *p,
                              _libssh2_bn_ctx *bnctx);
extern void _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx);

/*
 * libssh2's own AES-CTR EVP cipher descriptors, selected for the
 * _libssh2_cipher_aes*ctr macros above when the OpenSSL build does not
 * provide EVP_aes_*_ctr (HAVE_EVP_AES_128_CTR undefined).  Each returns the
 * descriptor to hand to the EVP cipher API.
 */
const EVP_CIPHER *_libssh2_EVP_aes_128_ctr(void);
const EVP_CIPHER *_libssh2_EVP_aes_192_ctr(void);
const EVP_CIPHER *_libssh2_EVP_aes_256_ctr(void);

#endif /* __LIBSSH2_OPENSSL_H */