24 #ifndef LIBMBEDCRYPTO_H_ 
   25 #define LIBMBEDCRYPTO_H_ 
   29 #ifdef HAVE_LIBMBEDCRYPTO 
   31 #include <mbedtls/md.h> 
   32 #include <mbedtls/bignum.h> 
   33 #include <mbedtls/pk.h> 
   34 #include <mbedtls/cipher.h> 
   35 #include <mbedtls/entropy.h> 
   36 #include <mbedtls/ctr_drbg.h> 
   38 typedef mbedtls_md_context_t *SHACTX;
 
   39 typedef mbedtls_md_context_t *SHA256CTX;
 
   40 typedef mbedtls_md_context_t *SHA384CTX;
 
   41 typedef mbedtls_md_context_t *SHA512CTX;
 
   42 typedef mbedtls_md_context_t *MD5CTX;
 
   43 typedef mbedtls_md_context_t *HMACCTX;
 
   44 typedef mbedtls_md_context_t *EVPCTX;
 
   46 #define SHA_DIGEST_LENGTH 20 
   47 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH 
   48 #define MD5_DIGEST_LEN 16 
   49 #define SHA256_DIGEST_LENGTH 32 
   50 #define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH 
   51 #define SHA384_DIGEST_LENGTH 48 
   52 #define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH 
   53 #define SHA512_DIGEST_LENGTH 64 
   54 #define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH 
   56 #ifndef EVP_MAX_MD_SIZE 
   57 #define EVP_MAX_MD_SIZE 64 
   60 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE 
   62 typedef mbedtls_mpi *bignum;
 
   63 typedef const mbedtls_mpi *const_bignum;
 
   64 typedef void* bignum_CTX;
 
   67 #define NID_mbedtls_nistp256 0 
   68 #define NID_mbedtls_nistp384 1 
   69 #define NID_mbedtls_nistp521 2 
   71 struct mbedtls_ecdsa_sig {
 
   76 bignum ssh_mbedcry_bn_new(
void);
 
   77 void ssh_mbedcry_bn_free(bignum num);
 
   78 unsigned char *ssh_mbedcry_bn2num(const_bignum num, 
int radix);
 
   79 int ssh_mbedcry_rand(bignum rnd, 
int bits, 
int top, 
int bottom);
 
   80 int ssh_mbedcry_is_bit_set(bignum num, 
size_t pos);
 
   81 int ssh_mbedcry_rand_range(bignum dest, bignum max);
 
   82 int ssh_mbedcry_hex2bn(bignum *dest, 
char *data);
 
   84 #define bignum_new() ssh_mbedcry_bn_new() 
   85 #define bignum_safe_free(num) do { \ 
   86     if ((num) != NULL) { \ 
   87         ssh_mbedcry_bn_free(num); \ 
   91 #define bignum_ctx_new() NULL 
   92 #define bignum_ctx_free(num) do {(num) = NULL;} while(0) 
   93 #define bignum_ctx_invalid(ctx) (ctx == NULL?0:1) 
   94 #define bignum_set_word(bn, n) (mbedtls_mpi_lset(bn, n)==0?1:0)  
   96 #define bignum_bin2bn(data, datalen, bn) do { \ 
   97     *(bn) = bignum_new(); \ 
   98     if (*(bn) != NULL) { \ 
   99         mbedtls_mpi_read_binary(*(bn), data, datalen); \ 
  102 #define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10) 
  103 #define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data) 
  104 #define bignum_bn2hex(num, dest) (*dest)=ssh_mbedcry_bn2num(num, 16) 
  105 #define bignum_hex2bn(data, dest) ssh_mbedcry_hex2bn(dest, data) 
  106 #define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1) 
  107 #define bignum_rand_range(rnd, max) ssh_mbedcry_rand_range(rnd, max) 
  108 #define bignum_mod_exp(dest, generator, exp, modulo, ctx) \ 
  109         (mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)==0?1:0) 
  110 #define bignum_add(dest, a, b) mbedtls_mpi_add_mpi(dest, a, b) 
  111 #define bignum_sub(dest, a, b) mbedtls_mpi_sub_mpi(dest, a, b) 
  112 #define bignum_mod(dest, a, b, ctx) \ 
  113     (mbedtls_mpi_mod_mpi(dest, a, b) == 0 ? 1 : 0) 
  114 #define bignum_num_bytes(num) mbedtls_mpi_size(num) 
  115 #define bignum_num_bits(num) mbedtls_mpi_bitlen(num) 
  116 #define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit) 
  117 #define bignum_bn2bin(num, len, ptr) mbedtls_mpi_write_binary(num, ptr, \ 
  118         mbedtls_mpi_size(num)) 
  119 #define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2) 
  120 #define bignum_rshift1(dest, src) mbedtls_mpi_copy(dest, src), mbedtls_mpi_shift_r(dest, 1) 
  121 #define bignum_dup(orig, dest) do { \ 
  122     if (*(dest) == NULL) { \ 
  123         *(dest) = bignum_new(); \ 
  125     if (*(dest) != NULL) { \ 
  126         mbedtls_mpi_copy(orig, *(dest)); \ 
  130 mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(
void);
 
  132 int ssh_mbedtls_random(
void *where, 
int len, 
int strong);
 
  134 ssh_string make_ecpoint_string(
const mbedtls_ecp_group *g, 
const 
  135         mbedtls_ecp_point *p);
 
  137 #define ssh_fips_mode() false