dh: Confine DH KEX keys handling into fewer functions

In preparation for deferring computation on DH secret material to crypto library specific backends Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-06 18:29:50 +09:00 · 2019-03-13 14:20:52 -04:00
parent 2f38af1559
commit 30d97979a2
7 changed files with 334 additions and 157 deletions
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -25,24 +25,18 @@

 #include "libssh/crypto.h"

-struct dh_keypair {
-    bignum priv_key;
-    bignum pub_key;
-};
+struct dh_ctx;

-struct dh_ctx {
-    struct dh_keypair client;
-    struct dh_keypair server;
-    bignum generator;
-    bignum modulus;
-};
+#define DH_CLIENT_KEYPAIR 0
+#define DH_SERVER_KEYPAIR 1

 int ssh_dh_init(void);
 void ssh_dh_finalize(void);

 int ssh_dh_import_next_pubkey_blob(ssh_session session, ssh_string pubkey_blob);

-int ssh_dh_build_k(ssh_session session);
+int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
+                                 bignum *dest);
 int ssh_client_dh_init(ssh_session session);

 ssh_key ssh_dh_get_current_server_publickey(ssh_session session);
@@ -56,9 +50,18 @@ int ssh_dh_get_next_server_publickey_blob(ssh_session session,
 void ssh_server_dh_init(ssh_session session);
 #endif /* WITH_SERVER */

-int ssh_dh_init_common(ssh_session session);
+int ssh_dh_init_common(struct ssh_crypto_struct *crypto);
 void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
-int ssh_dh_generate_secret(ssh_session session, bignum dest);
 int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);

+int ssh_dh_get_parameters(struct dh_ctx *ctx,
+                          const_bignum *modulus, const_bignum *generator);
+int ssh_dh_set_parameters(struct dh_ctx *ctx,
+                          bignum modulus, bignum generator);
+int ssh_dh_keypair_gen_keys(struct dh_ctx *ctx, int peer);
+int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
+                            const_bignum *priv, const_bignum *pub);
+int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
+                            bignum priv, bignum pub);
+
 #endif /* DH_H_ */
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -64,6 +64,7 @@ typedef void *EVPCTX;
 #define BROKEN_AES_CTR
 #endif
 typedef BIGNUM*  bignum;
+typedef const BIGNUM* const_bignum;
 typedef BN_CTX* bignum_CTX;

 #define bignum_new() BN_new()
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -50,6 +50,7 @@ typedef gcry_md_hd_t EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE

 typedef gcry_mpi_t bignum;
+typedef const struct gcry_mpi *const_bignum;
 typedef void* bignum_CTX;

 /* Constants for curves.  */
--- a/include/libssh/libmbedcrypto.h
+++ b/include/libssh/libmbedcrypto.h
@@ -60,6 +60,7 @@ typedef mbedtls_md_context_t *EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE

 typedef mbedtls_mpi *bignum;
+typedef const mbedtls_mpi *const_bignum;
 typedef void* bignum_CTX;

 /* Constants for curves */