33 #elif defined(HAVE_LIBMBEDCRYPTO) 
   34 #include <mbedtls/gcm.h> 
   36 #include "libssh/wrapper.h" 
   45 #ifdef HAVE_OPENSSL_ECDH_H 
   46 #include <openssl/ecdh.h> 
   48 #include "libssh/dh.h" 
   49 #include "libssh/ecdh.h" 
   50 #include "libssh/kex.h" 
   51 #include "libssh/curve25519.h" 
   /*
    * Fixed sizes, in bytes, of crypto buffers declared later in this header.
    * Any digest, tag or IV copied into a buffer sized by one of these must be
    * length-checked against the constant first.
    */
   53 #define DIGEST_MAX_LEN 64 /* sizes hmacbuf[]; 64 bytes fits a SHA-512 digest. NOTE(review): confirm no enabled MAC yields a longer digest */
   55 #define AES_GCM_TAGLEN 16 /* AES-GCM authentication tag length: 16 bytes (128 bits) */
   56 #define AES_GCM_IVLEN  12 /* AES-GCM IV length: 12 bytes (96 bits); sizes last_iv[] */
   /*
    * Key-exchange methods a session can negotiate. This listing skips some
    * source lines (including the enum's closing brace), so only the
    * enumerators that are visible are annotated.
    *
    * The first visible enumerator is explicitly 1, so a zero-initialised
    * kex_type matches none of the enumerators shown here.
    *
    * NOTE(review): RFC 9142 recommends against diffie-hellman-group1-sha1
    * (1024-bit group, SHA-1 exchange hash). Whether the SHA-1 based methods are
    * offered by default is decided elsewhere, not in this header; confirm the
    * default method list before relying on it.
    */
   58 enum ssh_key_exchange_e {
 
   60   SSH_KEX_DH_GROUP1_SHA1=1, /* diffie-hellman-group1-sha1: fixed 1024-bit MODP group, SHA-1 */
 
   62   SSH_KEX_DH_GROUP14_SHA1, /* diffie-hellman-group14-sha1: fixed 2048-bit MODP group, SHA-1 */
 
   67   SSH_KEX_DH_GEX_SHA256, /* diffie-hellman-group-exchange-sha256 (RFC 4419): the group is supplied by the server, so its size needs bounds checking */
 
   70   SSH_KEX_ECDH_SHA2_NISTP256, /* ecdh-sha2-nistp256 (RFC 5656) */
 
   72   SSH_KEX_ECDH_SHA2_NISTP384, /* ecdh-sha2-nistp384 (RFC 5656) */
 
   74   SSH_KEX_ECDH_SHA2_NISTP521, /* ecdh-sha2-nistp521 (RFC 5656) */
 
   76   SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG, /* curve25519-sha256@libssh.org: the pre-standard name of the method below */
 
   78   SSH_KEX_CURVE25519_SHA256, /* curve25519-sha256 (RFC 8731) */
 
   80   SSH_KEX_DH_GROUP16_SHA512, /* diffie-hellman-group16-sha512: fixed 4096-bit MODP group, SHA-512 (RFC 8268) */
 
   82   SSH_KEX_DH_GROUP18_SHA512, /* diffie-hellman-group18-sha512: fixed 8192-bit MODP group, SHA-512 (RFC 8268) */
 
   87 #ifdef WITH_BLOWFISH_CIPHER 
   99     SSH_AEAD_CHACHA20_POLY1305
 
  /*
   * Key-exchange state. The enclosing struct's header is not part of this
   * listing. shared_secret, ecdh_privkey and curve25519_privkey are secret
   * material. NOTE(review): the code that releases them is not shown here;
   * confirm each one is wiped before it is freed.
   */
  105     bignum shared_secret;
 
  /* NOTE(review): presumably the minimum, preferred and maximum modulus sizes
   * for DH group exchange; confirm, and confirm that a peer-chosen group is
   * rejected when its size falls outside dh_pmin..dh_pmax. */
  108     size_t dh_pmin; 
size_t dh_pn; 
size_t dh_pmax; 
 
  /* ECDH private key. Exactly one declaration is compiled in, selected by the
   * crypto backend macro; the type differs per backend, so code that frees or
   * wipes it has to be backend-specific too. */
  111 #ifdef HAVE_OPENSSL_ECC 
  112     EC_KEY *ecdh_privkey;
 
  113 #elif defined HAVE_GCRYPT_ECC 
  114     gcry_sexp_t ecdh_privkey;
 
  115 #elif defined HAVE_LIBMBEDCRYPTO 
  116     mbedtls_ecp_keypair *ecdh_privkey;
 
  /* Curve25519 key material, only present when HAVE_CURVE25519 is defined:
   * the local private key plus the client's and the server's public keys. */
  121 #ifdef HAVE_CURVE25519 
  122     ssh_curve25519_privkey curve25519_privkey;
 
  123     ssh_curve25519_pubkey curve25519_client_pubkey;
 
  124     ssh_curve25519_pubkey curve25519_server_pubkey;
 
  /*
   * Session identifiers and derived key material, held as raw byte pointers.
   * No length is stored next to any of these pointers in the lines shown, so
   * the size of each buffer has to come from the negotiated cipher, MAC or
   * digest. NOTE(review): confirm every reader and writer uses that size.
   *
   * The key and MAC-key buffers are secret. NOTE(review): allocation and
   * release are not part of this listing; confirm they are wiped before free
   * and that received MACs are compared in constant time.
   */
  128     unsigned char *session_id;
 
  129     unsigned char *secret_hash; 
 
  /* Per-direction initialisation vectors. */
  130     unsigned char *encryptIV;
 
  131     unsigned char *decryptIV;
 
  /* Per-direction cipher keys (secret). */
  132     unsigned char *decryptkey;
 
  133     unsigned char *encryptkey;
 
  /* Per-direction MAC keys (secret). */
  134     unsigned char *encryptMAC;
 
  135     unsigned char *decryptMAC;
 
  /* Fixed DIGEST_MAX_LEN-byte buffer embedded in the struct; a digest longer
   * than DIGEST_MAX_LEN must never be written into it. */
  136     unsigned char hmacbuf[DIGEST_MAX_LEN];
 
  /*
   * Negotiated algorithm selections for the session. The enclosing struct's
   * header is not part of this listing.
   */
  /* MAC algorithm for each direction (incoming / outgoing). */
  138     enum ssh_hmac_e in_hmac, out_hmac; 
 
  /* NOTE(review): presumably true when the matching direction uses an
   * encrypt-then-MAC variant, which changes whether the MAC is verified before
   * or after decryption; confirm against the packet code. */
  139     bool in_hmac_etm, out_hmac_etm; 
 
  /* NOTE(review): presumably flags for compression that is switched on only
   * after authentication; confirm. */
  144     int delayed_compress_in; 
 
  145     int delayed_compress_out;
 
  /* Opaque compression state per direction; the concrete type and who frees
   * it are not visible here. */
  146     void *compress_out_ctx; 
 
  147     void *compress_in_ctx; 
 
  /* One string per negotiated method slot; SSH_KEX_METHODS is defined outside
   * this listing. Ownership of the strings is not shown here. */
  151     char *kex_methods[SSH_KEX_METHODS];
 
  /* The key-exchange method in use, as an enum ssh_key_exchange_e value. */
  152     enum ssh_key_exchange_e kex_type;
 
  /* Digest selection for the KDF (enum ssh_kdf_digest is declared elsewhere). */
  153     enum ssh_kdf_digest digest_type; 
 
  /* NOTE(review): presumably records in which direction(s) this crypto state
   * is in use; confirm against enum ssh_crypto_direction_e. */
  154     enum ssh_crypto_direction_e used; 
 
  /*
   * Cipher description and per-backend cipher state. The enclosing struct's
   * header is not part of this listing, and some preprocessor lines between
   * the fields below are skipped by it.
   */
  159     unsigned int blocksize; 
 
  160     enum ssh_cipher_e ciphertype;
 
  /* NOTE(review): presumably the number of leading bytes that must be
   * processed to read the packet length field; confirm. A length decoded from
   * those bytes is attacker-controlled until the MAC or AEAD tag verifies. */
  161     uint32_t lenfield_blocksize; 
 
  /* Backend state: exactly one of the three branches below is compiled in. */
  163 #ifdef HAVE_LIBGCRYPT 
  164     gcry_cipher_hd_t *key;
 
  /* AES_GCM_IVLEN-byte IV buffer. GCM needs a distinct IV for every packet
   * under the same key. NOTE(review): presumably this holds the most recently
   * used IV so the next one can be derived; confirm it is never reused. */
  165     unsigned char last_iv[AES_GCM_IVLEN];
 
  166 #elif defined HAVE_LIBCRYPTO 
  /* Expanded key schedules hold key-equivalent secrets. NOTE(review): confirm
   * they are wiped when the cipher is torn down; that code is not shown. */
  167     struct ssh_3des_key_schedule *des3_key;
 
  168     struct ssh_aes_key_schedule *aes_key;
 
  169     const EVP_CIPHER *cipher;
 
  171 #elif defined HAVE_LIBMBEDCRYPTO 
  /* Separate mbedTLS contexts for the two directions, embedded by value. */
  172     mbedtls_cipher_context_t encrypt_ctx;
 
  173     mbedtls_cipher_context_t decrypt_ctx;
 
  174     mbedtls_cipher_type_t type;
 
  176     mbedtls_gcm_context gcm_ctx;
 
  /* Same role and the same IV-uniqueness requirement as last_iv in the
   * HAVE_LIBGCRYPT branch. */
  177     unsigned char last_iv[AES_GCM_IVLEN];
 
  /* NOTE(review): the unit (bits or bytes) is not stated in the lines shown;
   * confirm before comparing it with a byte count. */
  181     unsigned int keysize; 
 
  200         size_t len, uint8_t *mac, uint64_t seq);
 
  202         uint8_t *out, 
size_t len, uint64_t seq);
 
  /*
   * AEAD decryption hook. Takes the cipher, a pointer to the complete packet,
   * an output buffer, the encrypted size and the packet sequence number, and
   * returns an int.
   *
   * There is no separate capacity parameter for out, so the caller has to
   * guarantee that it can hold the decrypted data.
   * NOTE(review): the return convention is not visible in this listing.
   * Confirm that every caller checks it and discards out when tag
   * verification fails.
   */
  203     int (*aead_decrypt)(
struct ssh_cipher_struct *cipher, 
void *complete_packet, uint8_t *out,
 
  204         size_t encrypted_size, uint64_t seq);
 
  210                       unsigned char *key, 
size_t key_len,
 
  211                       int key_type, 
unsigned char *output,
 
  212                       size_t requested_len);