ecdh: Implement ECDH using libgcrypt

* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a suitable 'ecdh_privkey'. * include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using libgcrypt. (ecdh_build_k): New prototype. * src/CMakeLists.txt (libssh_SRCS): Add backend-specific files. * src/ecdh.c: Move backend-specific parts to... * src/ecdh_crypto.c: ... this file. * src/ecdh_gcrypt.c: New file. * src/wrapper.c (crypto_free): Free 'ecdh_privkey'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-07 10:40:28 +09:00 · 2016-05-02 16:00:26 +02:00
parent f62cded9f0
commit e3a866b8c1
7 changed files with 645 additions and 266 deletions
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -76,7 +76,11 @@ enum ssh_cipher_e {
 struct ssh_crypto_struct {
    bignum e,f,x,k,y;
 #ifdef HAVE_ECDH
+#ifdef HAVE_OPENSSL_ECC
    EC_KEY *ecdh_privkey;
+#elif defined HAVE_GCRYPT_ECC
+    gcry_sexp_t ecdh_privkey;
+#endif
    ssh_string ecdh_client_pubkey;
    ssh_string ecdh_server_pubkey;
 #endif
--- a/include/libssh/ecdh.h
+++ b/include/libssh/ecdh.h
@@ -33,9 +33,17 @@
 #endif /* HAVE_OPENSSL_ECDH_H */
 #endif /* HAVE_LIBCRYPTO */

-int ssh_client_ecdh_init(ssh_session session);
+#ifdef HAVE_GCRYPT_ECC
+#define HAVE_ECDH 1
+#endif
+
+/* Common functions.  */
 int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet);

+/* Backend-specific functions.  */
+int ssh_client_ecdh_init(ssh_session session);
+int ecdh_build_k(ssh_session session);
+
 #ifdef WITH_SERVER
 int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet);
 #endif /* WITH_SERVER */