24#ifndef LIBMBEDCRYPTO_H_ 
   25#define LIBMBEDCRYPTO_H_ 
   29#ifdef HAVE_LIBMBEDCRYPTO 
   31#include <mbedtls/md.h> 
   32#include <mbedtls/bignum.h> 
   33#include <mbedtls/pk.h> 
   34#include <mbedtls/cipher.h> 
   35#include <mbedtls/entropy.h> 
   36#include <mbedtls/ctr_drbg.h> 
   37#include <mbedtls/platform.h> 
   39typedef mbedtls_md_context_t *SHACTX;
 
   40typedef mbedtls_md_context_t *SHA256CTX;
 
   41typedef mbedtls_md_context_t *SHA384CTX;
 
   42typedef mbedtls_md_context_t *SHA512CTX;
 
   43typedef mbedtls_md_context_t *MD5CTX;
 
   44typedef mbedtls_md_context_t *HMACCTX;
 
   46#define SHA_DIGEST_LENGTH 20 
   47#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH 
   48#define MD5_DIGEST_LEN 16 
   49#define SHA256_DIGEST_LENGTH 32 
   50#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH 
   51#define SHA384_DIGEST_LENGTH 48 
   52#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH 
   53#define SHA512_DIGEST_LENGTH 64 
   54#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH 
   56#ifndef EVP_MAX_MD_SIZE 
   57#define EVP_MAX_MD_SIZE 64 
   60#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE 
   62#define ssh_crypto_free(x) mbedtls_free(x) 
   64typedef mbedtls_mpi *bignum;
 
   65typedef const mbedtls_mpi *const_bignum;
 
   66typedef void* bignum_CTX;
 
   69#define NID_mbedtls_nistp256 0 
   70#define NID_mbedtls_nistp384 1 
   71#define NID_mbedtls_nistp521 2 
   73struct mbedtls_ecdsa_sig {
 
   82bignum ssh_mbedcry_bn_new(
void);
 
   83void ssh_mbedcry_bn_free(bignum num);
 
   84char *ssh_mbedcry_bn2num(const_bignum num, 
int radix);
 
   85int ssh_mbedcry_rand(bignum rnd, 
int bits, 
int top, 
int bottom);
 
   86int ssh_mbedcry_is_bit_set(bignum num, 
size_t pos);
 
   87int ssh_mbedcry_rand_range(bignum dest, bignum max);
 
   88int ssh_mbedcry_hex2bn(bignum *dest, 
char *data);
 
   90#define bignum_new() ssh_mbedcry_bn_new() 
   91#define bignum_safe_free(num) do { \ 
   92    if ((num) != NULL) { \ 
   93        ssh_mbedcry_bn_free(num); \ 
   97#define bignum_ctx_new() NULL 
   98#define bignum_ctx_free(num) do {(num) = NULL;} while(0) 
   99#define bignum_ctx_invalid(ctx) (ctx == NULL?0:1) 
  100#define bignum_set_word(bn, n) (mbedtls_mpi_lset(bn, n)==0?1:0)  
  102#define bignum_bin2bn(data, datalen, bn) do { \ 
  103    *(bn) = bignum_new(); \ 
  104    if (*(bn) != NULL) { \ 
  105        mbedtls_mpi_read_binary(*(bn), data, datalen); \ 
  108#define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10) 
  109#define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data) 
  110#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)ssh_mbedcry_bn2num(num, 16) 
  111#define bignum_hex2bn(data, dest) ssh_mbedcry_hex2bn(dest, data) 
  112#define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1) 
  113#define bignum_rand_range(rnd, max) ssh_mbedcry_rand_range(rnd, max) 
  114#define bignum_mod_exp(dest, generator, exp, modulo, ctx) \ 
  115        (mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)==0?1:0) 
  116#define bignum_add(dest, a, b) mbedtls_mpi_add_mpi(dest, a, b) 
  117#define bignum_sub(dest, a, b) mbedtls_mpi_sub_mpi(dest, a, b) 
  118#define bignum_mod(dest, a, b, ctx) \ 
  119    (mbedtls_mpi_mod_mpi(dest, a, b) == 0 ? 1 : 0) 
  120#define bignum_num_bytes(num) mbedtls_mpi_size(num) 
  121#define bignum_num_bits(num) mbedtls_mpi_bitlen(num) 
  122#define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit) 
  123#define bignum_bn2bin(num, len, ptr) mbedtls_mpi_write_binary(num, ptr, \ 
  124        mbedtls_mpi_size(num)) 
  125#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2) 
  126#define bignum_rshift1(dest, src) mbedtls_mpi_copy(dest, src), mbedtls_mpi_shift_r(dest, 1) 
  127#define bignum_dup(orig, dest) do { \ 
  128    if (*(dest) == NULL) { \ 
  129        *(dest) = bignum_new(); \ 
  131    if (*(dest) != NULL) { \ 
  132        mbedtls_mpi_copy(*(dest), orig); \ 
  136mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(
void);
 
  138int ssh_mbedtls_random(
void *where, 
int len, 
int strong);
 
  140ssh_string make_ecpoint_string(
const mbedtls_ecp_group *g, 
const 
  141        mbedtls_ecp_point *p);
 
  143#define ssh_fips_mode() false