mbedtls: Use getter for ssh_mbedtls_ctr_drbg
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
@ -101,8 +101,7 @@ int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
|
|||||||
mbedtls_mpi_size(num))
|
mbedtls_mpi_size(num))
|
||||||
#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
|
#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
|
||||||
|
|
||||||
mbedtls_entropy_context ssh_mbedtls_entropy;
|
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void);
|
||||||
mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
|
|
||||||
|
|
||||||
int ssh_mbedtls_random(void *where, int len, int strong);
|
int ssh_mbedtls_random(void *where, int len, int strong);
|
||||||
|
|
||||||
|
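Review bot: The new declaration `mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void);` has no comment describing the contract of the pointer it returns. Every call site in this commit passes that pointer straight to an mbedtls routine as RNG state, so the header should say that the context is process-wide, shared by all sessions, and only usable while the crypto backend is initialised. I would add above it `/* Process-wide CTR_DRBG context; valid only between crypto initialisation and ssh_crypto_finalize(). */`. Concurrent use of one shared context presumably relies on mbedtls being built with MBEDTLS_THREADING_C; that is inferred from mbedtls' documented behaviour, not from this hunk, and is worth stating in the comment once confirmed.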
@ -79,9 +79,11 @@ int ssh_client_ecdh_init(ssh_session session)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = mbedtls_ecp_gen_keypair(&grp, &session->next_crypto->ecdh_privkey->d,
|
rc = mbedtls_ecp_gen_keypair(&grp,
|
||||||
&session->next_crypto->ecdh_privkey->Q, mbedtls_ctr_drbg_random,
|
&session->next_crypto->ecdh_privkey->d,
|
||||||
&ssh_mbedtls_ctr_drbg);
|
&session->next_crypto->ecdh_privkey->Q,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
|
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
rc = SSH_ERROR;
|
rc = SSH_ERROR;
|
||||||
@ -157,9 +159,12 @@ int ecdh_build_k(ssh_session session)
|
|||||||
|
|
||||||
mbedtls_mpi_init(session->next_crypto->k);
|
mbedtls_mpi_init(session->next_crypto->k);
|
||||||
|
|
||||||
rc = mbedtls_ecdh_compute_shared(&grp, session->next_crypto->k, &pubkey,
|
rc = mbedtls_ecdh_compute_shared(&grp,
|
||||||
&session->next_crypto->ecdh_privkey->d, mbedtls_ctr_drbg_random,
|
session->next_crypto->k,
|
||||||
&ssh_mbedtls_ctr_drbg);
|
&pubkey,
|
||||||
|
&session->next_crypto->ecdh_privkey->d,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
rc = SSH_ERROR;
|
rc = SSH_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
@ -213,9 +218,11 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = mbedtls_ecp_gen_keypair(&grp, &session->next_crypto->ecdh_privkey->d,
|
rc = mbedtls_ecp_gen_keypair(&grp,
|
||||||
&session->next_crypto->ecdh_privkey->Q, mbedtls_ctr_drbg_random,
|
&session->next_crypto->ecdh_privkey->d,
|
||||||
&ssh_mbedtls_ctr_drbg);
|
&session->next_crypto->ecdh_privkey->Q,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
rc = SSH_ERROR;
|
rc = SSH_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -30,6 +30,9 @@
|
|||||||
#ifdef HAVE_LIBMBEDCRYPTO
|
#ifdef HAVE_LIBMBEDCRYPTO
|
||||||
#include <mbedtls/md.h>
|
#include <mbedtls/md.h>
|
||||||
|
|
||||||
|
static mbedtls_entropy_context ssh_mbedtls_entropy;
|
||||||
|
static mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
|
||||||
|
|
||||||
struct ssh_mac_ctx_struct {
|
struct ssh_mac_ctx_struct {
|
||||||
enum ssh_mac_e mac_type;
|
enum ssh_mac_e mac_type;
|
||||||
mbedtls_md_context_t ctx;
|
mbedtls_md_context_t ctx;
|
||||||
@ -999,6 +1002,11 @@ int ssh_mbedtls_random(void *where, int len, int strong)
|
|||||||
return !rc;
|
return !rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void)
|
||||||
|
{
|
||||||
|
return &ssh_mbedtls_ctr_drbg;
|
||||||
|
}
|
||||||
|
|
||||||
void ssh_crypto_finalize(void)
|
void ssh_crypto_finalize(void)
|
||||||
{
|
{
|
||||||
if (!libmbedcrypto_initialized) {
|
if (!libmbedcrypto_initialized) {
|
||||||
|
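Review bot: `ssh_get_mbedtls_ctr_drbg_context()` returns `&ssh_mbedtls_ctr_drbg` unconditionally, although `libmbedcrypto_initialized` is available in the same file (ssh_crypto_finalize tests it just below). A caller that runs before initialisation or after finalisation would hand mbedtls a context that is unseeded or already torn down. Whether that yields an error or predictable output depends on the mbedtls version, which is inferred rather than visible here. ECDH key pairs, RSA and ECDSA key generation and the signing calls in the other files of this commit all draw from this one context, so I would make the failure explicit with `if (!libmbedcrypto_initialized) { return NULL; }` before the `return`, and have the call sites check for NULL before calling into mbedtls. The body of ssh_crypto_finalize continues outside the hunk.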
@ -81,8 +81,10 @@ int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom)
|
|||||||
}
|
}
|
||||||
|
|
||||||
len = bits / 8 + 1;
|
len = bits / 8 + 1;
|
||||||
rc = mbedtls_mpi_fill_random(rnd, len, mbedtls_ctr_drbg_random,
|
rc = mbedtls_mpi_fill_random(rnd,
|
||||||
&ssh_mbedtls_ctr_drbg);
|
len,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -398,8 +398,11 @@ int pki_key_generate_rsa(ssh_key key, int parameter)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA)) {
|
if (mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA)) {
|
||||||
rc = mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key->rsa), mbedtls_ctr_drbg_random,
|
rc = mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key->rsa),
|
||||||
&ssh_mbedtls_ctr_drbg, parameter, 65537);
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context(),
|
||||||
|
parameter,
|
||||||
|
65537);
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
mbedtls_pk_free(key->rsa);
|
mbedtls_pk_free(key->rsa);
|
||||||
return SSH_ERROR;
|
return SSH_ERROR;
|
||||||
@ -980,8 +983,14 @@ static ssh_string rsa_do_sign(const unsigned char *digest, int dlen,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ok = mbedtls_pk_sign(privkey, MBEDTLS_MD_SHA1, digest, dlen, sig, &slen,
|
ok = mbedtls_pk_sign(privkey,
|
||||||
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
|
MBEDTLS_MD_SHA1,
|
||||||
|
digest,
|
||||||
|
dlen,
|
||||||
|
sig,
|
||||||
|
&slen,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
|
|
||||||
if (ok != 0) {
|
if (ok != 0) {
|
||||||
SAFE_FREE(sig);
|
SAFE_FREE(sig);
|
||||||
@ -1036,9 +1045,14 @@ ssh_signature pki_do_sign(const ssh_key privkey, const unsigned char *hash,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = mbedtls_ecdsa_sign(&privkey->ecdsa->grp, sig->ecdsa_sig.r,
|
rc = mbedtls_ecdsa_sign(&privkey->ecdsa->grp,
|
||||||
sig->ecdsa_sig.s, &privkey->ecdsa->d, hash, hlen,
|
sig->ecdsa_sig.r,
|
||||||
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
|
sig->ecdsa_sig.s,
|
||||||
|
&privkey->ecdsa->d,
|
||||||
|
hash,
|
||||||
|
hlen,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1094,9 +1108,14 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key, const unsigned char
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = mbedtls_ecdsa_sign(&key->ecdsa->grp, sig->ecdsa_sig.r,
|
rc = mbedtls_ecdsa_sign(&key->ecdsa->grp,
|
||||||
sig->ecdsa_sig.s, &key->ecdsa->d, hash, hlen,
|
sig->ecdsa_sig.r,
|
||||||
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
|
sig->ecdsa_sig.s,
|
||||||
|
&key->ecdsa->d,
|
||||||
|
hash,
|
||||||
|
hlen,
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1247,8 +1266,10 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
|
|||||||
|
|
||||||
mbedtls_ecdsa_init(key->ecdsa);
|
mbedtls_ecdsa_init(key->ecdsa);
|
||||||
|
|
||||||
ok = mbedtls_ecdsa_genkey(key->ecdsa, pki_key_ecdsa_nid_to_mbed_gid(nid),
|
ok = mbedtls_ecdsa_genkey(key->ecdsa,
|
||||||
mbedtls_ctr_drbg_random, &ssh_mbedtls_ctr_drbg);
|
pki_key_ecdsa_nid_to_mbed_gid(nid),
|
||||||
|
mbedtls_ctr_drbg_random,
|
||||||
|
ssh_get_mbedtls_ctr_drbg_context());
|
||||||
|
|
||||||
if (ok != 0) {
|
if (ok != 0) {
|
||||||
mbedtls_ecdsa_free(key->ecdsa);
|
mbedtls_ecdsa_free(key->ecdsa);
|
||||||
|
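Review bot: In rsa_do_sign the `mbedtls_pk_sign` call fixes the digest algorithm to `MBEDTLS_MD_SHA1` while `dlen` comes from the caller, and nothing visible in the hunk ties the two together. If a caller ever passes a digest of another length, the signature would be computed over the wrong number of bytes; the function starts outside the hunk, so an earlier check may exist. I would document the constraint at the call with `/* ssh-rsa only: digest must be a 20-byte SHA-1 hash */`. The digest type should become a parameter once the SHA-2 RSA signature algorithms of RFC 8332 are supported, since SHA-1 signatures are the weak part of this path.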