24 #ifndef LIBMBEDCRYPTO_H_
25 #define LIBMBEDCRYPTO_H_
29 #ifdef HAVE_LIBMBEDCRYPTO
31 #include <mbedtls/md.h>
32 #include <mbedtls/bignum.h>
33 #include <mbedtls/pk.h>
34 #include <mbedtls/cipher.h>
35 #include <mbedtls/entropy.h>
36 #include <mbedtls/ctr_drbg.h>
38 typedef mbedtls_md_context_t *SHACTX;
39 typedef mbedtls_md_context_t *SHA256CTX;
40 typedef mbedtls_md_context_t *SHA384CTX;
41 typedef mbedtls_md_context_t *SHA512CTX;
42 typedef mbedtls_md_context_t *MD5CTX;
43 typedef mbedtls_md_context_t *HMACCTX;
44 typedef mbedtls_md_context_t *EVPCTX;
46 #define SHA_DIGEST_LENGTH 20
47 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
48 #define MD5_DIGEST_LEN 16
49 #define SHA256_DIGEST_LENGTH 32
50 #define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
51 #define SHA384_DIGEST_LENGTH 48
52 #define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
53 #define SHA512_DIGEST_LENGTH 64
54 #define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
56 #ifndef EVP_MAX_MD_SIZE
57 #define EVP_MAX_MD_SIZE 64
60 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
62 typedef mbedtls_mpi *bignum;
63 typedef const mbedtls_mpi *const_bignum;
64 typedef void* bignum_CTX;
67 #define NID_mbedtls_nistp256 0
68 #define NID_mbedtls_nistp384 1
69 #define NID_mbedtls_nistp521 2
71 struct mbedtls_ecdsa_sig {
76 bignum ssh_mbedcry_bn_new(
void);
77 void ssh_mbedcry_bn_free(bignum num);
78 unsigned char *ssh_mbedcry_bn2num(const_bignum num,
int radix);
79 int ssh_mbedcry_rand(bignum rnd,
int bits,
int top,
int bottom);
80 int ssh_mbedcry_is_bit_set(bignum num,
size_t pos);
81 int ssh_mbedcry_rand_range(bignum dest, bignum max);
82 int ssh_mbedcry_hex2bn(bignum *dest,
char *data);
84 #define bignum_new() ssh_mbedcry_bn_new()
85 #define bignum_safe_free(num) do { \
86 if ((num) != NULL) { \
87 ssh_mbedcry_bn_free(num); \
91 #define bignum_ctx_new() NULL
92 #define bignum_ctx_free(num) do {(num) = NULL;} while(0)
93 #define bignum_ctx_invalid(ctx) (ctx == NULL?0:1)
94 #define bignum_set_word(bn, n) (mbedtls_mpi_lset(bn, n)==0?1:0)
96 #define bignum_bin2bn(data, datalen, bn) do { \
97 *(bn) = bignum_new(); \
98 if (*(bn) != NULL) { \
99 mbedtls_mpi_read_binary(*(bn), data, datalen); \
102 #define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
103 #define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
104 #define bignum_bn2hex(num, dest) (*dest)=ssh_mbedcry_bn2num(num, 16)
105 #define bignum_hex2bn(data, dest) ssh_mbedcry_hex2bn(dest, data)
106 #define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1)
107 #define bignum_rand_range(rnd, max) ssh_mbedcry_rand_range(rnd, max)
108 #define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
109 (mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)==0?1:0)
110 #define bignum_add(dest, a, b) mbedtls_mpi_add_mpi(dest, a, b)
111 #define bignum_sub(dest, a, b) mbedtls_mpi_sub_mpi(dest, a, b)
112 #define bignum_mod(dest, a, b, ctx) \
113 (mbedtls_mpi_mod_mpi(dest, a, b) == 0 ? 1 : 0)
114 #define bignum_num_bytes(num) mbedtls_mpi_size(num)
115 #define bignum_num_bits(num) mbedtls_mpi_bitlen(num)
116 #define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit)
117 #define bignum_bn2bin(num, len, ptr) mbedtls_mpi_write_binary(num, ptr, \
118 mbedtls_mpi_size(num))
119 #define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
120 #define bignum_rshift1(dest, src) mbedtls_mpi_copy(dest, src), mbedtls_mpi_shift_r(dest, 1)
121 #define bignum_dup(orig, dest) do { \
122 if (*(dest) == NULL) { \
123 *(dest) = bignum_new(); \
125 if (*(dest) != NULL) { \
126 mbedtls_mpi_copy(orig, *(dest)); \
130 mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(
void);
132 int ssh_mbedtls_random(
void *where,
int len,
int strong);
134 ssh_string make_ecpoint_string(
const mbedtls_ecp_group *g,
const
135 mbedtls_ecp_point *p);
137 #define ssh_fips_mode() false