Make libssh2 work again on os400. (#118)
* os400: minimum supported OS version is now V6R1. Do not log compiler informational messages.
* Implement crypto backend specific Diffie-Hellman computation. This feature is now needed on os400 because the QC3 library does not implement bn_mod_exp() natively. Up to now, this function was emulated using an RSA encryption, but commits ca5222ea81 and 7934c9ce2a (CVE-2016-0787) broke the emulation because QC3 only supports RSA exponents up to 512 bits. Happily, QC3 supports a native API for Diffie-Hellman computation, with opaque random value: this commit implements the use of this API and, as a side effect, enables support of this feature for any other crypto backend that would use it. A "generic" Diffie-Hellman computation internal API supports crypto backends not implementing their own: this generic API uses the same functions as before.
* Fix typos in docs/HACKING.CRYPTO.
committed by
Alexander Lamaison
parent
c81b2384ac
commit
c8c1b4a050
@@ -88,7 +88,7 @@ SHA_DIGEST_LENGTH
|
||||
#define to 20, the SHA-1 digest length.
|
||||
|
||||
libssh2_sha1_ctx
|
||||
Type of an SHA1 computation context. Generally a struct.
|
||||
Type of an SHA-1 computation context. Generally a struct.
|
||||
|
||||
int libssh2_sha1_init(libssh2_sha1_ctx *x);
|
||||
Initializes the SHA-1 computation context at x.
|
||||
@@ -102,7 +102,7 @@ Note: if the ctx parameter is modified by the underlying code,
|
||||
this procedure must be implemented as a macro to map ctx --> &ctx.
|
||||
|
||||
void libssh2_sha1_final(libssh2_sha1_ctx ctx,
|
||||
unsigned char output[SHA1_DIGEST_LEN]);
|
||||
unsigned char output[SHA_DIGEST_LEN]);
|
||||
Get the computed SHA-1 signature from context ctx and store it into the
|
||||
output buffer.
|
||||
Release the context.
|
||||
@@ -223,7 +223,7 @@ the keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
|
||||
Returns 1 for success and 0 for failure.
|
||||
|
||||
|
||||
4) Bidirectional Key ciphers.
|
||||
4) Bidirectional key ciphers.
|
||||
|
||||
_libssh2_cipher_ctx
|
||||
Type of a cipher computation context.
|
||||
@@ -332,10 +332,50 @@ TripleDES-CBC algorithm identifier initializer.
|
||||
#define with constant value of type _libssh2_cipher_type().
|
||||
|
||||
|
||||
5) Big numbers.
|
||||
5) Diffie-Hellman support.
|
||||
If the crypto-library supports opaque Diffie-Hellman computations, symbol
|
||||
`libssh2_dh_key_pair' should be #defined as described below and the rest of
|
||||
this section applies.
|
||||
Else, the Diffie-Hellman context MUST be defined as `_libssh2_bn *' and
|
||||
the computation is emulated via calls to _libssh2_bn_rand() and
|
||||
_libssh2_bn_mod_exp(): all other symbols in this section are unused in this
|
||||
case.
|
||||
|
||||
5.1) Diffie-Hellman context.
|
||||
_libssh2_dh_ctx
|
||||
Type of a Diffie-Hellman computation context.
|
||||
Must always be defined.
|
||||
|
||||
5.2) Diffie-Hellman computation procedures.
|
||||
void libssh2_dh_init(_libssh2_dh_ctx *dhctx);
|
||||
Initializes the Diffie-Hellman context at `dhctx'. No effective context
|
||||
creation needed here.
|
||||
|
||||
int libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
|
||||
_libssh2_bn *g, _libssh2_bn *p, int group_order,
|
||||
_libssh2_bn_ctx *bnctx);
|
||||
Generates a Diffie-Hellman key pair using base `g', prime `p' and the given
|
||||
`group_order'. Can use the given big number context `bnctx' if needed.
|
||||
The private key is stored as opaque in the Diffie-Hellman context `*dhctx' and
|
||||
the public key is returned in `public'.
|
||||
0 is returned upon success, else -1.
|
||||
If defined, this procedure MUST be implemented as a #define'd macro.
|
||||
|
||||
int libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
|
||||
_libssh2_bn *f, _libssh2_bn *p, _libssh2_bn_ctx * bnctx)
|
||||
Computes the Diffie-Hellman secret from the previouly created context `*dhctx',
|
||||
the public key `f' from the other party and the same prime `p' used at
|
||||
context creation. The result is stored in `secret'.
|
||||
0 is returned upon success, else -1.
|
||||
|
||||
void libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
|
||||
Destroys Diffie-Hellman context at `dhctx' and resets its storage.
|
||||
|
||||
|
||||
6) Big numbers.
|
||||
Positive multi-byte integers support is sufficient.
|
||||
|
||||
5.1) Computation contexts.
|
||||
6.1) Computation contexts.
|
||||
This has a real meaning if the big numbers computations need some context
|
||||
storage. If not, use a dummy type and functions (macros).
|
||||
|
||||
@@ -349,7 +389,7 @@ Returns a new multiple precision computation context.
|
||||
void _libssh2_bn_ctx_free(_libssh2_bn_ctx ctx);
|
||||
Releases a multiple precision computation context.
|
||||
|
||||
5.2) Computation support.
|
||||
6.2) Computation support.
|
||||
_libssh2_bn
|
||||
Type of multiple precision numbers (aka bignumbers or huge integers) for the
|
||||
crypto library.
|
||||
@@ -396,15 +436,17 @@ random number can be zero. If top is 0, it is set to 1, and if top is 1, the
|
||||
two most significant bits of the number will be set to 1, so that the product
|
||||
of two such random numbers will always have 2*bits length. If bottom is true,
|
||||
the number will be odd.
|
||||
This procedure is only needed if no specific Diffie-Hellman support is provided.
|
||||
|
||||
void _libssh2_bn_mod_exp(_libssh2_bn *r, _libssh2_bn *a,
|
||||
_libssh2_bn *p, _libssh2_bn *m,
|
||||
_libssh2_bn_ctx *ctx);
|
||||
Computes a to the p-th power modulo m and stores the result into r (r=a^p % m).
|
||||
May use the given context.
|
||||
This procedure is only needed if no specific Diffie-Hellman support is provided.
|
||||
|
||||
|
||||
6) Private key algorithms.
|
||||
7) Private key algorithms.
|
||||
Format of an RSA public key:
|
||||
a) "ssh-rsa".
|
||||
b) RSA exponent, MSB first, with high order bit = 0.
|
||||
@@ -448,7 +490,7 @@ Both buffers have to be allocated using LIBSSH2_ALLOC().
|
||||
Returns 0 if OK, else -1.
|
||||
This procedure is already prototyped in crypto.h.
|
||||
|
||||
6.1) RSA
|
||||
7.1) RSA
|
||||
LIBSSH2_RSA
|
||||
#define as 1 if the crypto library supports RSA, else 0.
|
||||
If defined as 0, the rest of this section can be omitted.
|
||||
@@ -542,7 +584,7 @@ void _libssh2_rsa_free(libssh2_rsa_ctx *rsactx);
|
||||
Releases the RSA computation context at rsactx.
|
||||
|
||||
|
||||
6.2) DSA
|
||||
7.2) DSA
|
||||
LIBSSH2_DSA
|
||||
#define as 1 if the crypto library supports DSA, else 0.
|
||||
If defined as 0, the rest of this section can be omitted.
|
||||
@@ -592,7 +634,7 @@ This procedure is already prototyped in crypto.h.
|
||||
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
|
||||
const unsigned char *sig,
|
||||
const unsigned char *m, unsigned long m_len);
|
||||
Verify (sig, siglen) signature of (m, m_len) using an SHA1 hash and the
|
||||
Verify (sig, siglen) signature of (m, m_len) using an SHA-1 hash and the
|
||||
DSA context.
|
||||
Returns 0 if OK, else -1.
|
||||
This procedure is already prototyped in crypto.h.
|
||||
@@ -608,7 +650,7 @@ void _libssh2_dsa_free(libssh2_dsa_ctx *dsactx);
|
||||
Releases the DSA computation context at dsactx.
|
||||
|
||||
|
||||
7) Miscellaneous
|
||||
8) Miscellaneous
|
||||
|
||||
void libssh2_prepare_iovec(struct iovec *vector, unsigned int len);
|
||||
Prepare len consecutive iovec slots before using them.
|
||||
|