├── .root ├── README.md ├── Tests └── CSSH2Test │ └── Test.swift ├── .gitignore ├── Sources └── CSSH2 │ ├── crypto.c │ ├── poly1305.h │ ├── chacha.h │ ├── crypto_config.h │ ├── cipher-chachapoly.h │ ├── comp.h │ ├── userauth_kbd_packet.h │ ├── version.c │ ├── userauth.h │ ├── global.c │ ├── mac.h │ ├── libssh2_setup.h │ ├── transport.h │ ├── packet.h │ ├── session.h │ ├── keepalive.c │ ├── cipher-chachapoly.c │ ├── channel.h │ ├── include │ ├── libssh2_publickey.h │ └── libssh2_sftp.h │ ├── poly1305.c │ ├── misc.h │ ├── userauth_kbd_packet.c │ ├── chacha.c │ ├── bcrypt_pbkdf.c │ ├── sftp.h │ ├── libgcrypt.h │ ├── comp.c │ ├── agent_win.c │ ├── openssl.h │ ├── crypto.h │ └── mac.c ├── LICENSE ├── .github └── workflows │ └── build.yml ├── Script ├── test.sh └── update.sh ├── Package.swift └── Package@swift-5.9.swift /.root: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # libssh2-spm 2 | 3 | Swift package for libssh2, tracked on source code automatically from release. 4 | -------------------------------------------------------------------------------- /Tests/CSSH2Test/Test.swift: -------------------------------------------------------------------------------- 1 | import CSSH2 2 | import XCTest 3 | 4 | class MyTest: XCTestCase { 5 | func testExample() { 6 | XCTAssert(libssh2_init(0) == 0) 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | /.swiftpm 3 | /*.zip 4 | /.build 5 | /build 6 | /temp 7 | /Packages 8 | /*.xcodeproj 9 | xcuserdata/ 10 | *.xcframework 11 | build/ 12 | .DS_Store 13 | version.lock 14 | *.zip 15 | *.tar 16 | .build/ 17 | .swiftpm/ 18 | .DS_Store 19 | binpack* 20 | *.xcuserstate 21 | BinaryTarget/ 22 | tag.txt 23 | Package.resolved 24 | -------------------------------------------------------------------------------- /Sources/CSSH2/crypto.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Viktor Szakats 2 | * 3 | * SPDX-License-Identifier: BSD-3-Clause 4 | */ 5 | 6 | #define LIBSSH2_CRYPTO_C 7 | #include "libssh2_priv.h" 8 | 9 | #if defined(LIBSSH2_OPENSSL) || defined(LIBSSH2_WOLFSSL) 10 | #include "openssl.c" 11 | #elif defined(LIBSSH2_LIBGCRYPT) 12 | #include "libgcrypt.c" 13 | #elif defined(LIBSSH2_MBEDTLS) 14 | #include "mbedtls.c" 15 | #elif defined(LIBSSH2_OS400QC3) 16 | #include "os400qc3.c" 17 | #elif defined(LIBSSH2_WINCNG) 18 | #include "wincng.c" 19 | #endif 20 | -------------------------------------------------------------------------------- /Sources/CSSH2/poly1305.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: poly1305.h,v 1.4 2014/05/02 03:27:54 djm Exp $ */ 2 | 3 | /* 4 | * Public Domain poly1305 from Andrew Moon 5 | * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna 6 | * Copyright not intended 2024. 7 | * 8 | * SPDX-License-Identifier: SAX-PD-2.0 9 | */ 10 | 11 | #ifndef POLY1305_H 12 | #define POLY1305_H 13 | 14 | #define POLY1305_KEYLEN 32 15 | #define POLY1305_TAGLEN 16 16 | 17 | void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen, 18 | const u_char key[POLY1305_KEYLEN]); 19 | 20 | #endif /* POLY1305_H */ 21 | -------------------------------------------------------------------------------- /Sources/CSSH2/chacha.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: chacha.h,v 1.4 2016/08/27 04:04:56 guenther Exp $ */ 2 | 3 | /* 4 | * chacha-merged.c version 20080118 5 | * D. J. Bernstein 6 | * Public domain. 7 | * Copyright not intended 2024. 8 | * 9 | * SPDX-License-Identifier: SAX-PD-2.0 10 | */ 11 | 12 | #ifndef CHACHA_H 13 | #define CHACHA_H 14 | 15 | #include 16 | 17 | struct chacha_ctx { 18 | u_int input[16]; 19 | }; 20 | 21 | #define CHACHA_MINKEYLEN 16 22 | #define CHACHA_NONCELEN 8 23 | #define CHACHA_CTRLEN 8 24 | #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) 25 | #define CHACHA_BLOCKLEN 64 26 | 27 | void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits); 28 | void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr); 29 | void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, 30 | u_char *c, u_int bytes); 31 | 32 | #endif /* CHACHA_H */ 33 | 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Lakr Aream 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: Fetch Update and Publish Release 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | - cron: "4 5 * * *" 7 | 8 | jobs: 9 | fetch-and-release: 10 | runs-on: macos-14 11 | steps: 12 | - name: Checkout Source Code 13 | uses: actions/checkout@v4.1.1 14 | 15 | - name: Build If Needed 16 | run: | 17 | ./Script/update.sh 18 | ./Script/test.sh 19 | 20 | if [ -f "tag.txt" ]; then 21 | echo UPDATE_NEEDED=true >> $GITHUB_ENV 22 | else 23 | echo UPDATE_NEEDED=false >> $GITHUB_ENV 24 | exit 0 25 | fi 26 | 27 | echo "RELEASE_TAG=$(cat tag.txt)" >> $GITHUB_ENV 28 | 29 | - name: Commit & Push changes 30 | uses: actions-js/push@master 31 | if: env.UPDATE_NEEDED == 'true' 32 | with: 33 | github_token: ${{ secrets.GITHUB_TOKEN }} 34 | 35 | - name: Make Release 36 | if: env.UPDATE_NEEDED == 'true' 37 | uses: softprops/action-gh-release@v0.1.15 38 | with: 39 | tag_name: ${{ env.RELEASE_TAG }} 40 | body: | 41 | # Package 42 | This release was made by automation. 43 | draft: false 44 | prerelease: false 45 | 46 | 47 | -------------------------------------------------------------------------------- /Sources/CSSH2/crypto_config.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Viktor Szakats 2 | * 3 | * SPDX-License-Identifier: BSD-3-Clause 4 | */ 5 | 6 | #define LIBSSH2_MD5_PEM LIBSSH2_MD5 7 | 8 | #ifdef LIBSSH2_NO_MD5 9 | #undef LIBSSH2_MD5 10 | #define LIBSSH2_MD5 0 11 | #endif 12 | 13 | #ifdef LIBSSH2_NO_MD5_PEM 14 | #undef LIBSSH2_MD5_PEM 15 | #define LIBSSH2_MD5_PEM 0 16 | #endif 17 | 18 | #ifdef LIBSSH2_NO_HMAC_RIPEMD 19 | #undef LIBSSH2_HMAC_RIPEMD 20 | #define LIBSSH2_HMAC_RIPEMD 0 21 | #endif 22 | 23 | #if !defined(LIBSSH2_DSA_ENABLE) 24 | #undef LIBSSH2_DSA 25 | #define LIBSSH2_DSA 0 26 | #endif 27 | 28 | #ifdef LIBSSH2_NO_RSA 29 | #undef LIBSSH2_RSA 30 | #define LIBSSH2_RSA 0 31 | #endif 32 | 33 | #ifdef LIBSSH2_NO_RSA_SHA1 34 | #undef LIBSSH2_RSA_SHA1 35 | #define LIBSSH2_RSA_SHA1 0 36 | #endif 37 | 38 | #ifdef LIBSSH2_NO_ECDSA 39 | #undef LIBSSH2_ECDSA 40 | #define LIBSSH2_ECDSA 0 41 | #endif 42 | 43 | #ifdef LIBSSH2_NO_ED25519 44 | #undef LIBSSH2_ED25519 45 | #define LIBSSH2_ED25519 0 46 | #endif 47 | 48 | #ifdef LIBSSH2_NO_AES_CTR 49 | #undef LIBSSH2_AES_CTR 50 | #define LIBSSH2_AES_CTR 0 51 | #endif 52 | 53 | #ifdef LIBSSH2_NO_AES_CBC 54 | #undef LIBSSH2_AES_CBC 55 | #define LIBSSH2_AES_CBC 0 56 | #endif 57 | 58 | #ifdef LIBSSH2_NO_BLOWFISH 59 | #undef LIBSSH2_BLOWFISH 60 | #define LIBSSH2_BLOWFISH 0 61 | #endif 62 | 63 | #ifdef LIBSSH2_NO_RC4 64 | #undef LIBSSH2_RC4 65 | #define LIBSSH2_RC4 0 66 | #endif 67 | 68 | #ifdef LIBSSH2_NO_CAST 69 | #undef LIBSSH2_CAST 70 | #define LIBSSH2_CAST 0 71 | #endif 72 | 73 | #ifdef LIBSSH2_NO_3DES 74 | #undef LIBSSH2_3DES 75 | #define LIBSSH2_3DES 0 76 | #endif 77 | -------------------------------------------------------------------------------- /Script/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd "$(dirname "$0")" 4 | cd .. 5 | 6 | SCEHEME="CSSH2" 7 | 8 | function test_build() { 9 | DESTINATION=$1 10 | echo "[*] test build for $DESTINATION" 11 | xcodebuild -scheme $SCEHEME -destination "$DESTINATION" | xcbeautify 12 | EXIT_CODE=${PIPESTATUS[0]} 13 | echo "[*] finished with exit code $EXIT_CODE" 14 | if [ $EXIT_CODE -ne 0 ]; then 15 | echo "[!] failed to build for $DESTINATION" 16 | exit 1 17 | fi 18 | } 19 | 20 | function test_test() { 21 | DESTINATION=$1 22 | echo "[*] execute test for $DESTINATION" 23 | xcodebuild test -scheme $SCEHEME -destination "$DESTINATION" | xcbeautify 24 | EXIT_CODE=${PIPESTATUS[0]} 25 | echo "[*] finished with exit code $EXIT_CODE" 26 | if [ $EXIT_CODE -ne 0 ]; then 27 | echo "[!] failed to build for $DESTINATION" 28 | exit 1 29 | fi 30 | } 31 | 32 | # to reset all cache 33 | # rm -rf "$(getconf DARWIN_USER_CACHE_DIR)/org.llvm.clang/ModuleCache" 34 | # rm -rf "$(getconf DARWIN_USER_CACHE_DIR)/org.llvm.clang.$(whoami)/ModuleCache" 35 | # rm -rf ~/Library/Developer/Xcode/DerivedData/* 36 | # rm -rf ~/Library/Caches/com.apple.dt.Xcode/* 37 | # rm -rf ~/Library/Caches/org.swift.swiftpm 38 | # rm -rf ~/Library/org.swift.swiftpm 39 | 40 | test_build "generic/platform=macOS" 41 | test_build "generic/platform=macOS,variant=Mac Catalyst" 42 | test_build "generic/platform=iOS" 43 | test_build "generic/platform=iOS Simulator" 44 | test_build "generic/platform=tvOS" 45 | test_build "generic/platform=tvOS Simulator" 46 | test_build "generic/platform=watchOS" 47 | test_build "generic/platform=watchOS Simulator" 48 | 49 | test_test "platform=macOS" 50 | -------------------------------------------------------------------------------- /Sources/CSSH2/cipher-chachapoly.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) Damien Miller 2013 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | * 18 | * SPDX-License-Identifier: BSD-2-Clause 19 | */ 20 | #ifndef CHACHA_POLY_AEAD_H 21 | #define CHACHA_POLY_AEAD_H 22 | 23 | #include "chacha.h" 24 | #include "poly1305.h" 25 | 26 | #define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */ 27 | 28 | struct chachapoly_ctx { 29 | struct chacha_ctx main_ctx, header_ctx; 30 | }; 31 | 32 | int chachapoly_init(struct chachapoly_ctx *cpctx, 33 | const u_char *key, u_int keylen); 34 | int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr, 35 | u_char *dest, const u_char *src, u_int len, u_int aadlen, 36 | int do_encrypt); 37 | int chachapoly_get_length(struct chachapoly_ctx *cpctx, 38 | u_int *plenp, u_int seqnr, const u_char *cp, 39 | u_int len); 40 | 41 | #endif /* CHACHA_POLY_AEAD_H */ 42 | -------------------------------------------------------------------------------- /Sources/CSSH2/comp.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_COMP_H 2 | #define LIBSSH2_COMP_H 3 | /* Copyright (C) Daniel Stenberg 4 | * 5 | * Redistribution and use in source and binary forms, 6 | * with or without modification, are permitted provided 7 | * that the following conditions are met: 8 | * 9 | * Redistributions of source code must retain the above 10 | * copyright notice, this list of conditions and the 11 | * following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials 16 | * provided with the distribution. 17 | * 18 | * Neither the name of the copyright holder nor the names 19 | * of any other contributors may be used to endorse or 20 | * promote products derived from this software without 21 | * specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 24 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 25 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 26 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 28 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 29 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 30 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 31 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 33 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 34 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 35 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 36 | * OF SUCH DAMAGE. 37 | * 38 | * SPDX-License-Identifier: BSD-3-Clause 39 | */ 40 | 41 | #include "libssh2_priv.h" 42 | 43 | const LIBSSH2_COMP_METHOD **_libssh2_comp_methods(LIBSSH2_SESSION *session); 44 | 45 | #endif /* LIBSSH2_COMP_H */ 46 | -------------------------------------------------------------------------------- /Package.swift: -------------------------------------------------------------------------------- 1 | // swift-tools-version:5.3 2 | 3 | import PackageDescription 4 | 5 | let package = Package( 6 | name: "CSSH2", 7 | platforms: [ 8 | .iOS(.v12), 9 | .macOS(.v10_13), 10 | .tvOS(.v12), 11 | .watchOS(.v5), 12 | ], 13 | products: [ 14 | .library(name: "CSSH2", targets: ["CSSH2"]), 15 | ], 16 | dependencies: [ 17 | .package(url: "https://github.com/Lakr233/openssl-spm.git", from: "3.2.1"), 18 | ], 19 | targets: [ 20 | .target( 21 | name: "CSSH2", 22 | dependencies: [ 23 | .product(name: "OpenSSL", package: "openssl-spm"), 24 | ], 25 | cSettings: [ 26 | .define("HAVE_LIBSSL"), 27 | .define("HAVE_LIBZ"), 28 | .define("LIBSSH2_HAVE_ZLIB"), 29 | .define("LIBSSH2_OPENSSL"), 30 | 31 | .define("STDC_HEADERS"), 32 | .define("HAVE_ALLOCA"), 33 | .define("HAVE_ALLOCA_H"), 34 | .define("HAVE_ARPA_INET_H"), 35 | .define("HAVE_GETTIMEOFDAY"), 36 | .define("HAVE_INTTYPES_H"), 37 | .define("HAVE_MEMSET_S"), 38 | .define("HAVE_NETINET_IN_H"), 39 | .define("HAVE_O_NONBLOCK"), 40 | .define("HAVE_SELECT"), 41 | .define("HAVE_SNPRINTF"), 42 | .define("HAVE_STDIO_H"), 43 | .define("HAVE_STRTOLL"), 44 | .define("HAVE_SYS_IOCTL_H"), 45 | .define("HAVE_SYS_PARAM_H"), 46 | .define("HAVE_SYS_SELECT_H"), 47 | .define("HAVE_SYS_SOCKET_H"), 48 | .define("HAVE_SYS_TIME_H"), 49 | .define("HAVE_SYS_UIO_H"), 50 | .define("HAVE_SYS_UN_H"), 51 | .define("HAVE_UNISTD_H"), 52 | ] 53 | ), 54 | .testTarget(name: "CSSH2Test", dependencies: ["CSSH2"]), 55 | ], 56 | cxxLanguageStandard: .cxx11 57 | ) 58 | -------------------------------------------------------------------------------- /Sources/CSSH2/userauth_kbd_packet.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Xaver Loppenstedt 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | * 37 | * SPDX-License-Identifier: BSD-3-Clause 38 | */ 39 | 40 | #ifndef LIBSSH2_USERAUTH_KBD_PACKET_H 41 | #define LIBSSH2_USERAUTH_KBD_PACKET_H 42 | 43 | int userauth_keyboard_interactive_decode_info_request(LIBSSH2_SESSION *); 44 | 45 | #endif /* LIBSSH2_USERAUTH_KBD_PACKET_H */ 46 | -------------------------------------------------------------------------------- /Package@swift-5.9.swift: -------------------------------------------------------------------------------- 1 | // swift-tools-version:5.9 2 | 3 | import PackageDescription 4 | 5 | let package = Package( 6 | name: "CSSH2", 7 | platforms: [ 8 | .iOS(.v12), 9 | .macOS(.v10_13), 10 | .tvOS(.v12), 11 | .watchOS(.v5), 12 | .visionOS(.v1), 13 | ], 14 | products: [ 15 | .library(name: "CSSH2", targets: ["CSSH2"]), 16 | ], 17 | dependencies: [ 18 | .package(url: "https://github.com/Lakr233/openssl-spm.git", from: "3.2.1"), 19 | ], 20 | targets: [ 21 | .target( 22 | name: "CSSH2", 23 | dependencies: [ 24 | .product(name: "OpenSSL", package: "openssl-spm"), 25 | ], 26 | cSettings: [ 27 | .define("HAVE_LIBSSL"), 28 | .define("HAVE_LIBZ"), 29 | .define("LIBSSH2_HAVE_ZLIB"), 30 | .define("LIBSSH2_OPENSSL"), 31 | 32 | .define("STDC_HEADERS"), 33 | .define("HAVE_ALLOCA"), 34 | .define("HAVE_ALLOCA_H"), 35 | .define("HAVE_ARPA_INET_H"), 36 | .define("HAVE_GETTIMEOFDAY"), 37 | .define("HAVE_INTTYPES_H"), 38 | .define("HAVE_MEMSET_S"), 39 | .define("HAVE_NETINET_IN_H"), 40 | .define("HAVE_O_NONBLOCK"), 41 | .define("HAVE_SELECT"), 42 | .define("HAVE_SNPRINTF"), 43 | .define("HAVE_STDIO_H"), 44 | .define("HAVE_STRTOLL"), 45 | .define("HAVE_SYS_IOCTL_H"), 46 | .define("HAVE_SYS_PARAM_H"), 47 | .define("HAVE_SYS_SELECT_H"), 48 | .define("HAVE_SYS_SOCKET_H"), 49 | .define("HAVE_SYS_TIME_H"), 50 | .define("HAVE_SYS_UIO_H"), 51 | .define("HAVE_SYS_UN_H"), 52 | .define("HAVE_UNISTD_H"), 53 | ] 54 | ), 55 | .testTarget(name: "CSSH2Test", dependencies: ["CSSH2"]), 56 | ], 57 | cxxLanguageStandard: .cxx11 58 | ) 59 | -------------------------------------------------------------------------------- /Sources/CSSH2/version.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Daniel Stenberg 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | * 37 | * SPDX-License-Identifier: BSD-3-Clause 38 | */ 39 | 40 | #include "libssh2_priv.h" 41 | 42 | LIBSSH2_API 43 | const char *libssh2_version(int req_version_num) 44 | { 45 | if(req_version_num <= LIBSSH2_VERSION_NUM) 46 | return LIBSSH2_VERSION; 47 | return NULL; /* this is not a suitable library! */ 48 | } 49 | 50 | LIBSSH2_API 51 | libssh2_crypto_engine_t libssh2_crypto_engine(void) 52 | { 53 | return LIBSSH2_CRYPTO_ENGINE; 54 | } 55 | -------------------------------------------------------------------------------- /Sources/CSSH2/userauth.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_USERAUTH_H 2 | #define LIBSSH2_USERAUTH_H 3 | /* Copyright (C) Sara Golemon 4 | * Copyright (C) Daniel Stenberg 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, 8 | * with or without modification, are permitted provided 9 | * that the following conditions are met: 10 | * 11 | * Redistributions of source code must retain the above 12 | * copyright notice, this list of conditions and the 13 | * following disclaimer. 14 | * 15 | * Redistributions in binary form must reproduce the above 16 | * copyright notice, this list of conditions and the following 17 | * disclaimer in the documentation and/or other materials 18 | * provided with the distribution. 19 | * 20 | * Neither the name of the copyright holder nor the names 21 | * of any other contributors may be used to endorse or 22 | * promote products derived from this software without 23 | * specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 26 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 27 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 30 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 31 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 32 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 33 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 35 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 38 | * OF SUCH DAMAGE. 39 | * 40 | * SPDX-License-Identifier: BSD-3-Clause 41 | */ 42 | 43 | int 44 | _libssh2_userauth_publickey(LIBSSH2_SESSION *session, 45 | const char *username, 46 | size_t username_len, 47 | const unsigned char *pubkeydata, 48 | size_t pubkeydata_len, 49 | LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC 50 | ((*sign_callback)), 51 | void *abstract); 52 | 53 | #endif /* LIBSSH2_USERAUTH_H */ 54 | -------------------------------------------------------------------------------- /Script/update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $(dirname $0)/.. 4 | 5 | set -e 6 | 7 | mkdir -p build 8 | pushd build > /dev/null 9 | 10 | echo "[*] preparing source..." 11 | git clone https://github.com/libssh2/libssh2 libssh2 || true 12 | 13 | pushd libssh2 > /dev/null 14 | SOURCE_DIR=$(pwd) 15 | 16 | git clean -fdx > /dev/null 17 | git reset --hard > /dev/null 18 | git checkout master > /dev/null 19 | git pull > /dev/null 20 | 21 | MAJOR=0 22 | MINOR=0 23 | PATCH=0 24 | for TAG in $(git tag | grep -E '^libssh2-[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n 1); do 25 | TAG=${TAG#libssh2-} 26 | CURRENT_MAJOR=${TAG%%.*} 27 | TAG=${TAG#*.} 28 | CURRENT_MINOR=${TAG%%.*} 29 | TAG=${TAG#*.} 30 | CURRENT_PATCH=${TAG%%.*} 31 | if [ $CURRENT_MAJOR -gt $MAJOR ]; then 32 | MAJOR=$CURRENT_MAJOR 33 | MINOR=$CURRENT_MINOR 34 | PATCH=$CURRENT_PATCH 35 | elif [ $CURRENT_MAJOR -eq $MAJOR ] && [ $CURRENT_MINOR -gt $MINOR ]; then 36 | MINOR=$CURRENT_MINOR 37 | PATCH=$CURRENT_PATCH 38 | elif [ $CURRENT_MAJOR -eq $MAJOR ] && [ $CURRENT_MINOR -eq $MINOR ] && [ $CURRENT_PATCH -gt $PATCH ]; then 39 | PATCH=$CURRENT_PATCH 40 | fi 41 | done 42 | echo "[*] latest version: $MAJOR.$MINOR.$PATCH" 43 | git checkout libssh2-$MAJOR.$MINOR.$PATCH > /dev/null 44 | TARGET_TAG=$MAJOR.$MINOR.$PATCH 45 | 46 | popd > /dev/null # openssh 47 | popd > /dev/null # build 48 | 49 | git pull --tags > /dev/null 50 | if [ $(git tag | grep -E "^$TARGET_TAG$" | wc -l) -gt 0 ]; then 51 | echo "[*] tag $TARGET_TAG already exists" 52 | exit 0 53 | fi 54 | 55 | echo "[*] generating source..." 56 | 57 | PACKAGE_NAME="CSSH2" 58 | 59 | rm -rf Sources 60 | mkdir -p Sources/$PACKAGE_NAME 61 | 62 | TARGET_INCLUDE_DIR=$(pwd)/Sources/$PACKAGE_NAME/include 63 | TARGET_SOURCE_DIR=$(pwd)/Sources/$PACKAGE_NAME 64 | 65 | echo "[*] copying include..." 66 | pushd $SOURCE_DIR/include > /dev/null 67 | for FILE in $(find . -type f); do 68 | if [ ${FILE:0:2} == "./" ]; then 69 | FILE=${FILE:2} 70 | fi 71 | TARGET_PATH=$TARGET_INCLUDE_DIR/$FILE 72 | mkdir -p $(dirname $TARGET_PATH) 73 | cp $FILE $TARGET_PATH 74 | done 75 | popd > /dev/null # include 76 | 77 | echo "[*] copying src..." 78 | pushd $SOURCE_DIR/src > /dev/null 79 | for FILE in $(find . -type f); do 80 | if [ ${FILE##*.} != "c" ] && [ ${FILE##*.} != "h" ]; then 81 | continue 82 | fi 83 | if [ ${FILE:0:2} == "./" ]; then 84 | FILE=${FILE:2} 85 | fi 86 | TARGET_PATH=$TARGET_SOURCE_DIR/$FILE 87 | mkdir -p $(dirname $TARGET_PATH) 88 | cp $FILE $TARGET_PATH 89 | done 90 | popd > /dev/null # src 91 | 92 | 93 | echo $TARGET_TAG > tag.txt 94 | echo "[*] done $(basename $0) : $TARGET_TAG" 95 | -------------------------------------------------------------------------------- /Sources/CSSH2/global.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Lars Nordin 2 | * Copyright (C) Simon Josefsson 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, 6 | * with or without modification, are permitted provided 7 | * that the following conditions are met: 8 | * 9 | * Redistributions of source code must retain the above 10 | * copyright notice, this list of conditions and the 11 | * following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials 16 | * provided with the distribution. 17 | * 18 | * Neither the name of the copyright holder nor the names 19 | * of any other contributors may be used to endorse or 20 | * promote products derived from this software without 21 | * specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 24 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 25 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 26 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 28 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 29 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 30 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 31 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 33 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 34 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 35 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 36 | * OF SUCH DAMAGE. 37 | * 38 | * SPDX-License-Identifier: BSD-3-Clause 39 | */ 40 | 41 | #include "libssh2_priv.h" 42 | 43 | static int _libssh2_initialized = 0; 44 | static int _libssh2_init_flags = 0; 45 | 46 | LIBSSH2_API int 47 | libssh2_init(int flags) 48 | { 49 | if(_libssh2_initialized == 0 && !(flags & LIBSSH2_INIT_NO_CRYPTO)) { 50 | libssh2_crypto_init(); 51 | } 52 | 53 | _libssh2_initialized++; 54 | _libssh2_init_flags |= flags; 55 | 56 | return 0; 57 | } 58 | 59 | LIBSSH2_API void 60 | libssh2_exit(void) 61 | { 62 | if(_libssh2_initialized == 0) 63 | return; 64 | 65 | _libssh2_initialized--; 66 | 67 | if(_libssh2_initialized == 0 && 68 | !(_libssh2_init_flags & LIBSSH2_INIT_NO_CRYPTO)) { 69 | libssh2_crypto_exit(); 70 | } 71 | 72 | return; 73 | } 74 | 75 | void 76 | _libssh2_init_if_needed(void) 77 | { 78 | if(_libssh2_initialized == 0) 79 | (void)libssh2_init(0); 80 | } 81 | -------------------------------------------------------------------------------- /Sources/CSSH2/mac.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_MAC_H 2 | #define LIBSSH2_MAC_H 3 | /* Copyright (C) Daniel Stenberg 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, 7 | * with or without modification, are permitted provided 8 | * that the following conditions are met: 9 | * 10 | * Redistributions of source code must retain the above 11 | * copyright notice, this list of conditions and the 12 | * following disclaimer. 13 | * 14 | * Redistributions in binary form must reproduce the above 15 | * copyright notice, this list of conditions and the following 16 | * disclaimer in the documentation and/or other materials 17 | * provided with the distribution. 18 | * 19 | * Neither the name of the copyright holder nor the names 20 | * of any other contributors may be used to endorse or 21 | * promote products derived from this software without 22 | * specific prior written permission. 23 | * 24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 25 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 26 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 29 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 31 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 32 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 34 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 35 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 36 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 37 | * OF SUCH DAMAGE. 38 | * 39 | * SPDX-License-Identifier: BSD-3-Clause 40 | */ 41 | 42 | #include "libssh2_priv.h" 43 | 44 | struct _LIBSSH2_MAC_METHOD 45 | { 46 | const char *name; 47 | 48 | /* The length of a given MAC packet */ 49 | int mac_len; 50 | 51 | /* integrity key length */ 52 | int key_len; 53 | 54 | /* Message Authentication Code Hashing algo */ 55 | int (*init) (LIBSSH2_SESSION * session, unsigned char *key, int *free_key, 56 | void **abstract); 57 | int (*hash) (LIBSSH2_SESSION * session, unsigned char *buf, 58 | uint32_t seqno, const unsigned char *packet, 59 | size_t packet_len, const unsigned char *addtl, 60 | size_t addtl_len, void **abstract); 61 | int (*dtor) (LIBSSH2_SESSION * session, void **abstract); 62 | 63 | int etm; /* encrypt-then-mac */ 64 | }; 65 | 66 | typedef struct _LIBSSH2_MAC_METHOD LIBSSH2_MAC_METHOD; 67 | 68 | const LIBSSH2_MAC_METHOD **_libssh2_mac_methods(void); 69 | const LIBSSH2_MAC_METHOD *_libssh2_mac_override( 70 | const LIBSSH2_CRYPT_METHOD *crypt); 71 | 72 | #endif /* LIBSSH2_MAC_H */ 73 | -------------------------------------------------------------------------------- /Sources/CSSH2/libssh2_setup.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Viktor Szakats 2 | * 3 | * SPDX-License-Identifier: BSD-3-Clause 4 | */ 5 | 6 | #ifndef LIBSSH2_SETUP_H 7 | #define LIBSSH2_SETUP_H 8 | 9 | /* Header for platform/compiler-specific initialization. 10 | Used by 'src', 'example', 'tests' */ 11 | 12 | /* Define mingw-w64 version macros, eg __MINGW{32,64}_{MINOR,MAJOR}_VERSION */ 13 | #ifdef __MINGW32__ 14 | #include <_mingw.h> 15 | #endif 16 | 17 | /* Configuration provided by build tools (autotools and CMake), 18 | and via platform-specific directories for os400 and vms */ 19 | #if defined(HAVE_CONFIG_H) || defined(__OS400__) || defined(__VMS) 20 | 21 | #include "libssh2_config.h" 22 | 23 | /* Hand-crafted configuration for platforms which lack config tool. 24 | Keep this synced with root CMakeLists.txt */ 25 | #elif defined(_WIN32) 26 | 27 | #define HAVE_SELECT 28 | #define HAVE_SNPRINTF 29 | 30 | #ifdef __MINGW32__ 31 | # define HAVE_UNISTD_H 32 | # define HAVE_INTTYPES_H 33 | # define HAVE_SYS_TIME_H 34 | # define HAVE_GETTIMEOFDAY 35 | # define HAVE_STRTOLL 36 | #elif defined(_MSC_VER) 37 | # if _MSC_VER >= 1800 38 | # define HAVE_INTTYPES_H 39 | # define HAVE_STRTOLL 40 | # else 41 | # define HAVE_STRTOI64 42 | # endif 43 | # if _MSC_VER < 1900 44 | # undef HAVE_SNPRINTF 45 | # endif 46 | #endif 47 | 48 | #endif /* defined(HAVE_CONFIG_H) */ 49 | 50 | /* Below applies to both auto-detected and hand-crafted configs */ 51 | 52 | #ifdef _WIN32 53 | 54 | #ifndef WIN32_LEAN_AND_MEAN 55 | #define WIN32_LEAN_AND_MEAN 56 | #endif 57 | #ifndef NOGDI 58 | #define NOGDI 59 | #endif 60 | #ifndef NONLS 61 | #define NONLS 62 | #endif 63 | 64 | #ifdef __MINGW32__ 65 | # ifdef __MINGW64_VERSION_MAJOR 66 | /* Number of bits in a file offset, on hosts where this is settable. */ 67 | # ifndef _FILE_OFFSET_BITS 68 | # define _FILE_OFFSET_BITS 64 69 | # endif 70 | # endif 71 | #elif defined(_MSC_VER) 72 | # ifndef _CRT_SECURE_NO_WARNINGS 73 | # define _CRT_SECURE_NO_WARNINGS /* for fopen(), getenv() */ 74 | # endif 75 | # if !defined(LIBSSH2_LIBRARY) || defined(LIBSSH2_TESTS) 76 | /* apply to examples and tests only */ 77 | # ifndef _CRT_NONSTDC_NO_DEPRECATE 78 | # define _CRT_NONSTDC_NO_DEPRECATE /* for strdup(), write() */ 79 | # endif 80 | # ifndef _WINSOCK_DEPRECATED_NO_WARNINGS 81 | # define _WINSOCK_DEPRECATED_NO_WARNINGS /* for inet_addr() */ 82 | # endif 83 | /* we cannot access our internal snprintf() implementation in examples and 84 | tests when linking to a shared libssh2. */ 85 | # if _MSC_VER < 1900 86 | # undef HAVE_SNPRINTF 87 | # define HAVE_SNPRINTF 88 | # define snprintf _snprintf 89 | # endif 90 | # endif 91 | # if _MSC_VER < 1500 92 | # define vsnprintf _vsnprintf 93 | # endif 94 | # if _MSC_VER < 1900 95 | # define strdup _strdup 96 | /* Silence bogus warning C4127: conditional expression is constant */ 97 | # pragma warning(disable:4127) 98 | # endif 99 | #endif 100 | 101 | #endif /* _WIN32 */ 102 | 103 | #endif /* LIBSSH2_SETUP_H */ 104 | -------------------------------------------------------------------------------- /Sources/CSSH2/transport.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_TRANSPORT_H 2 | #define LIBSSH2_TRANSPORT_H 3 | /* Copyright (C) The Written Word, Inc. 4 | * Copyright (C) Daniel Stenberg 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, 8 | * with or without modification, are permitted provided 9 | * that the following conditions are met: 10 | * 11 | * Redistributions of source code must retain the above 12 | * copyright notice, this list of conditions and the 13 | * following disclaimer. 14 | * 15 | * Redistributions in binary form must reproduce the above 16 | * copyright notice, this list of conditions and the following 17 | * disclaimer in the documentation and/or other materials 18 | * provided with the distribution. 19 | * 20 | * Neither the name of the copyright holder nor the names 21 | * of any other contributors may be used to endorse or 22 | * promote products derived from this software without 23 | * specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 26 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 27 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 30 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 31 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 32 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 33 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 35 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 38 | * OF SUCH DAMAGE. 39 | * 40 | * This file handles reading and writing to the SECSH transport layer. RFC4253. 41 | * 42 | * SPDX-License-Identifier: BSD-3-Clause 43 | */ 44 | 45 | #include "libssh2_priv.h" 46 | #include "packet.h" 47 | 48 | /* 49 | * libssh2_transport_send 50 | * 51 | * Send a packet, encrypting it and adding a MAC code if necessary 52 | * Returns 0 on success, non-zero on failure. 53 | * 54 | * The data is provided as _two_ data areas that are combined by this 55 | * function. The 'data' part is sent immediately before 'data2'. 'data2' can 56 | * be set to NULL (or data2_len to 0) to only use a single part. 57 | * 58 | * Returns LIBSSH2_ERROR_EAGAIN if it would block or if the whole packet was 59 | * not sent yet. If it does so, the caller should call this function again as 60 | * soon as it is likely that more data can be sent, and this function MUST 61 | * then be called with the same argument set (same data pointer and same 62 | * data_len) until ERROR_NONE or failure is returned. 63 | * 64 | * This function DOES NOT call _libssh2_error() on any errors. 65 | */ 66 | int _libssh2_transport_send(LIBSSH2_SESSION *session, 67 | const unsigned char *data, size_t data_len, 68 | const unsigned char *data2, size_t data2_len); 69 | 70 | /* 71 | * _libssh2_transport_read 72 | * 73 | * Collect a packet into the input brigade block only controls whether or not 74 | * to wait for a packet to start. 75 | * 76 | * Returns packet type added to input brigade (PACKET_NONE if nothing added), 77 | * or PACKET_FAIL on failure and PACKET_EAGAIN if it couldn't process a full 78 | * packet. 79 | */ 80 | 81 | /* 82 | * This function reads the binary stream as specified in chapter 6 of RFC4253 83 | * "The Secure Shell (SSH) Transport Layer Protocol" 84 | */ 85 | int _libssh2_transport_read(LIBSSH2_SESSION * session); 86 | 87 | #endif /* LIBSSH2_TRANSPORT_H */ 88 | -------------------------------------------------------------------------------- /Sources/CSSH2/packet.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_PACKET_H 2 | #define LIBSSH2_PACKET_H 3 | /* 4 | * Copyright (C) Daniel Stenberg 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, 8 | * with or without modification, are permitted provided 9 | * that the following conditions are met: 10 | * 11 | * Redistributions of source code must retain the above 12 | * copyright notice, this list of conditions and the 13 | * following disclaimer. 14 | * 15 | * Redistributions in binary form must reproduce the above 16 | * copyright notice, this list of conditions and the following 17 | * disclaimer in the documentation and/or other materials 18 | * provided with the distribution. 19 | * 20 | * Neither the name of the copyright holder nor the names 21 | * of any other contributors may be used to endorse or 22 | * promote products derived from this software without 23 | * specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 26 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 27 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 30 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 31 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 32 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 33 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 35 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 38 | * OF SUCH DAMAGE. 39 | * 40 | * SPDX-License-Identifier: BSD-3-Clause 41 | */ 42 | 43 | int _libssh2_packet_read(LIBSSH2_SESSION * session); 44 | 45 | int _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type, 46 | unsigned char **data, size_t *data_len, 47 | int match_ofs, 48 | const unsigned char *match_buf, 49 | size_t match_len); 50 | 51 | int _libssh2_packet_askv(LIBSSH2_SESSION * session, 52 | const unsigned char *packet_types, 53 | unsigned char **data, size_t *data_len, 54 | int match_ofs, 55 | const unsigned char *match_buf, 56 | size_t match_len); 57 | int _libssh2_packet_require(LIBSSH2_SESSION * session, 58 | unsigned char packet_type, unsigned char **data, 59 | size_t *data_len, int match_ofs, 60 | const unsigned char *match_buf, 61 | size_t match_len, 62 | packet_require_state_t * state); 63 | int _libssh2_packet_requirev(LIBSSH2_SESSION *session, 64 | const unsigned char *packet_types, 65 | unsigned char **data, size_t *data_len, 66 | int match_ofs, 67 | const unsigned char *match_buf, 68 | size_t match_len, 69 | packet_requirev_state_t * state); 70 | int _libssh2_packet_burn(LIBSSH2_SESSION * session, 71 | libssh2_nonblocking_states * state); 72 | int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data, 73 | unsigned long data_len); 74 | int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, 75 | size_t datalen, int macstate, uint32_t seq); 76 | 77 | #endif /* LIBSSH2_PACKET_H */ 78 | -------------------------------------------------------------------------------- /Sources/CSSH2/session.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_SESSION_H 2 | #define LIBSSH2_SESSION_H 3 | /* Copyright (C) Sara Golemon 4 | * Copyright (C) Daniel Stenberg 5 | * Copyright (C) Simon Josefsson 6 | * All rights reserved. 7 | * 8 | * Redistribution and use in source and binary forms, 9 | * with or without modification, are permitted provided 10 | * that the following conditions are met: 11 | * 12 | * Redistributions of source code must retain the above 13 | * copyright notice, this list of conditions and the 14 | * following disclaimer. 15 | * 16 | * Redistributions in binary form must reproduce the above 17 | * copyright notice, this list of conditions and the following 18 | * disclaimer in the documentation and/or other materials 19 | * provided with the distribution. 20 | * 21 | * Neither the name of the copyright holder nor the names 22 | * of any other contributors may be used to endorse or 23 | * promote products derived from this software without 24 | * specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 27 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 28 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 31 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 32 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 34 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 35 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 36 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 37 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 38 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 39 | * OF SUCH DAMAGE. 40 | * 41 | * SPDX-License-Identifier: BSD-3-Clause 42 | */ 43 | 44 | /* Conveniance-macros to allow code like this; 45 | 46 | int rc = BLOCK_ADJUST(rc, session, session_startup(session, sock)); 47 | 48 | int rc = BLOCK_ADJUST_ERRNO(ptr, session, session_startup(session, sock)); 49 | 50 | The point being to make sure that while in non-blocking mode these always 51 | return no matter what the return code is, but in blocking mode it blocks 52 | if EAGAIN is the reason for the return from the underlying function. 53 | 54 | */ 55 | #define BLOCK_ADJUST(rc, sess, x) \ 56 | do { \ 57 | time_t entry_time = time(NULL); \ 58 | do { \ 59 | rc = x; \ 60 | /* the order of the check below is important to properly \ 61 | deal with the case when the 'sess' is freed */ \ 62 | if((rc != LIBSSH2_ERROR_EAGAIN) || !sess->api_block_mode) \ 63 | break; \ 64 | rc = _libssh2_wait_socket(sess, entry_time); \ 65 | } while(!rc); \ 66 | } while(0) 67 | 68 | /* 69 | * For functions that returns a pointer, we need to check if the API is 70 | * non-blocking and return immediately. If the pointer is non-NULL we return 71 | * immediately. If the API is blocking and we get a NULL we check the errno 72 | * and *only* if that is EAGAIN we loop and wait for socket action. 73 | */ 74 | #define BLOCK_ADJUST_ERRNO(ptr, sess, x) \ 75 | do { \ 76 | time_t entry_time = time(NULL); \ 77 | int rc; \ 78 | do { \ 79 | ptr = x; \ 80 | if(!sess->api_block_mode || \ 81 | (ptr != NULL) || \ 82 | (libssh2_session_last_errno(sess) != LIBSSH2_ERROR_EAGAIN)) \ 83 | break; \ 84 | rc = _libssh2_wait_socket(sess, entry_time); \ 85 | } while(!rc); \ 86 | } while(0) 87 | 88 | 89 | int _libssh2_wait_socket(LIBSSH2_SESSION *session, time_t entry_time); 90 | 91 | /* this is the lib-internal set blocking function */ 92 | int _libssh2_session_set_blocking(LIBSSH2_SESSION * session, int blocking); 93 | 94 | #endif /* LIBSSH2_SESSION_H */ 95 | -------------------------------------------------------------------------------- /Sources/CSSH2/keepalive.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Simon Josefsson 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | * 37 | * SPDX-License-Identifier: BSD-3-Clause 38 | */ 39 | 40 | #include "libssh2_priv.h" 41 | #include "transport.h" /* _libssh2_transport_write */ 42 | 43 | /* Keep-alive stuff. */ 44 | 45 | LIBSSH2_API void 46 | libssh2_keepalive_config(LIBSSH2_SESSION *session, 47 | int want_reply, 48 | unsigned int interval) 49 | { 50 | if(interval == 1) 51 | session->keepalive_interval = 2; 52 | else 53 | session->keepalive_interval = interval; 54 | session->keepalive_want_reply = want_reply ? 1 : 0; 55 | } 56 | 57 | LIBSSH2_API int 58 | libssh2_keepalive_send(LIBSSH2_SESSION *session, 59 | int *seconds_to_next) 60 | { 61 | time_t now; 62 | 63 | if(!session->keepalive_interval) { 64 | if(seconds_to_next) 65 | *seconds_to_next = 0; 66 | return 0; 67 | } 68 | 69 | now = time(NULL); 70 | 71 | if(session->keepalive_last_sent + session->keepalive_interval <= now) { 72 | /* Format is 73 | "SSH_MSG_GLOBAL_REQUEST || 4-byte len || str || want-reply". */ 74 | unsigned char keepalive_data[] 75 | = "\x50\x00\x00\x00\x15keepalive@libssh2.orgW"; 76 | size_t len = sizeof(keepalive_data) - 1; 77 | int rc; 78 | 79 | keepalive_data[len - 1] = 80 | (unsigned char)session->keepalive_want_reply; 81 | 82 | rc = _libssh2_transport_send(session, keepalive_data, len, NULL, 0); 83 | /* Silently ignore PACKET_EAGAIN here: if the write buffer is 84 | already full, sending another keepalive is not useful. */ 85 | if(rc && rc != LIBSSH2_ERROR_EAGAIN) { 86 | _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, 87 | "Unable to send keepalive message"); 88 | return rc; 89 | } 90 | 91 | session->keepalive_last_sent = now; 92 | if(seconds_to_next) 93 | *seconds_to_next = session->keepalive_interval; 94 | } 95 | else if(seconds_to_next) { 96 | *seconds_to_next = (int) (session->keepalive_last_sent - now) 97 | + session->keepalive_interval; 98 | } 99 | 100 | return 0; 101 | } 102 | -------------------------------------------------------------------------------- /Sources/CSSH2/cipher-chachapoly.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2013 Damien Miller 3 | * 4 | * Adapted by Will Cosgrove for libssh2 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | * 18 | * SPDX-License-Identifier: BSD-2-Clause 19 | */ 20 | 21 | /* $OpenBSD: cipher-chachapoly.c,v 1.8 2016/08/03 05:41:57 djm Exp $ */ 22 | 23 | #include "libssh2_priv.h" 24 | #include "misc.h" 25 | #include "cipher-chachapoly.h" 26 | 27 | int 28 | chachapoly_timingsafe_bcmp(const void *b1, const void *b2, size_t n); 29 | 30 | int 31 | chachapoly_init(struct chachapoly_ctx *ctx, const u_char *key, u_int keylen) 32 | { 33 | if(keylen != (32 + 32)) /* 2 x 256 bit keys */ 34 | return LIBSSH2_ERROR_INVAL; 35 | chacha_keysetup(&ctx->main_ctx, key, 256); 36 | chacha_keysetup(&ctx->header_ctx, key + 32, 256); 37 | return 0; 38 | } 39 | 40 | /* 41 | * chachapoly_crypt() operates as following: 42 | * En/decrypt with header key 'aadlen' bytes from 'src', storing result 43 | * to 'dest'. The ciphertext here is treated as additional authenticated 44 | * data for MAC calculation. 45 | * En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use 46 | * POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication 47 | * tag. This tag is written on encryption and verified on decryption. 48 | */ 49 | int 50 | chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, 51 | const u_char *src, u_int len, u_int aadlen, int do_encrypt) 52 | { 53 | u_char seqbuf[8]; 54 | const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */ 55 | u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; 56 | int r = LIBSSH2_ERROR_INVAL; 57 | unsigned char *ptr = NULL; 58 | 59 | /* 60 | * Run ChaCha20 once to generate the Poly1305 key. The IV is the 61 | * packet sequence number. 62 | */ 63 | memset(poly_key, 0, sizeof(poly_key)); 64 | ptr = &seqbuf[0]; 65 | _libssh2_store_u64(&ptr, seqnr); 66 | chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL); 67 | chacha_encrypt_bytes(&ctx->main_ctx, 68 | poly_key, poly_key, sizeof(poly_key)); 69 | 70 | /* If decrypting, check tag before anything else */ 71 | if(!do_encrypt) { 72 | const u_char *tag = src + aadlen + len; 73 | 74 | poly1305_auth(expected_tag, src, aadlen + len, poly_key); 75 | if(chachapoly_timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) 76 | != 0) { 77 | r = LIBSSH2_ERROR_DECRYPT; 78 | goto out; 79 | } 80 | } 81 | 82 | /* Crypt additional data */ 83 | if(aadlen) { 84 | chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); 85 | chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen); 86 | } 87 | 88 | /* Set Chacha's block counter to 1 */ 89 | chacha_ivsetup(&ctx->main_ctx, seqbuf, one); 90 | chacha_encrypt_bytes(&ctx->main_ctx, src + aadlen, 91 | dest + aadlen, len); 92 | 93 | /* If encrypting, calculate and append tag */ 94 | if(do_encrypt) { 95 | poly1305_auth(dest + aadlen + len, dest, aadlen + len, 96 | poly_key); 97 | } 98 | r = 0; 99 | out: 100 | memset(expected_tag, 0, sizeof(expected_tag)); 101 | memset(seqbuf, 0, sizeof(seqbuf)); 102 | memset(poly_key, 0, sizeof(poly_key)); 103 | return r; 104 | } 105 | 106 | /* Decrypt and extract the encrypted packet length */ 107 | int 108 | chachapoly_get_length(struct chachapoly_ctx *ctx, unsigned int *plenp, 109 | unsigned int seqnr, const unsigned char *cp, 110 | unsigned int len) 111 | { 112 | u_char buf[4], seqbuf[8]; 113 | unsigned char *ptr = NULL; 114 | 115 | if(len < 4) 116 | return -1; 117 | ptr = &seqbuf[0]; 118 | _libssh2_store_u64(&ptr, seqnr); 119 | chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); 120 | chacha_encrypt_bytes(&ctx->header_ctx, cp, buf, 4); 121 | *plenp = _libssh2_ntohu32(buf); 122 | return 0; 123 | } 124 | 125 | int 126 | chachapoly_timingsafe_bcmp(const void *b1, const void *b2, size_t n) 127 | { 128 | const unsigned char *p1 = b1, *p2 = b2; 129 | int ret = 0; 130 | 131 | for(; n > 0; n--) 132 | ret |= *p1++ ^ *p2++; 133 | return (ret != 0); 134 | } 135 | -------------------------------------------------------------------------------- /Sources/CSSH2/channel.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_CHANNEL_H 2 | #define LIBSSH2_CHANNEL_H 3 | /* Copyright (C) Daniel Stenberg 4 | * 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, 8 | * with or without modification, are permitted provided 9 | * that the following conditions are met: 10 | * 11 | * Redistributions of source code must retain the above 12 | * copyright notice, this list of conditions and the 13 | * following disclaimer. 14 | * 15 | * Redistributions in binary form must reproduce the above 16 | * copyright notice, this list of conditions and the following 17 | * disclaimer in the documentation and/or other materials 18 | * provided with the distribution. 19 | * 20 | * Neither the name of the copyright holder nor the names 21 | * of any other contributors may be used to endorse or 22 | * promote products derived from this software without 23 | * specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 26 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 27 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 30 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 31 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 32 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 33 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 35 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 38 | * OF SUCH DAMAGE. 39 | * 40 | * SPDX-License-Identifier: BSD-3-Clause 41 | */ 42 | 43 | /* 44 | * _libssh2_channel_receive_window_adjust 45 | * 46 | * Adjust the receive window for a channel by adjustment bytes. If the amount 47 | * to be adjusted is less than LIBSSH2_CHANNEL_MINADJUST and force is 0 the 48 | * adjustment amount will be queued for a later packet. 49 | * 50 | * Always non-blocking. 51 | */ 52 | int _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel, 53 | uint32_t adjustment, 54 | unsigned char force, 55 | unsigned int *store); 56 | 57 | /* 58 | * _libssh2_channel_flush 59 | * 60 | * Flush data from one (or all) stream 61 | * Returns number of bytes flushed, or negative on failure 62 | */ 63 | int _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid); 64 | 65 | /* 66 | * _libssh2_channel_free 67 | * 68 | * Make sure a channel is closed, then remove the channel from the session 69 | * and free its resource(s) 70 | * 71 | * Returns 0 on success, negative on failure 72 | */ 73 | int _libssh2_channel_free(LIBSSH2_CHANNEL *channel); 74 | 75 | int 76 | _libssh2_channel_extended_data(LIBSSH2_CHANNEL *channel, int ignore_mode); 77 | 78 | /* 79 | * _libssh2_channel_write 80 | * 81 | * Send data to a channel 82 | */ 83 | ssize_t 84 | _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id, 85 | const unsigned char *buf, size_t buflen); 86 | 87 | /* 88 | * _libssh2_channel_open 89 | * 90 | * Establish a generic session channel 91 | */ 92 | LIBSSH2_CHANNEL * 93 | _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, 94 | uint32_t channel_type_len, 95 | uint32_t window_size, 96 | uint32_t packet_size, 97 | const unsigned char *message, size_t message_len); 98 | 99 | 100 | /* 101 | * _libssh2_channel_process_startup 102 | * 103 | * Primitive for libssh2_channel_(shell|exec|subsystem) 104 | */ 105 | int 106 | _libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel, 107 | const char *request, size_t request_len, 108 | const char *message, size_t message_len); 109 | 110 | /* 111 | * _libssh2_channel_read 112 | * 113 | * Read data from a channel 114 | * 115 | * It is important to not return 0 until the currently read channel is 116 | * complete. If we read stuff from the wire but it was no payload data to fill 117 | * in the buffer with, we MUST make sure to return PACKET_EAGAIN. 118 | */ 119 | ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, 120 | char *buf, size_t buflen); 121 | 122 | uint32_t _libssh2_channel_nextid(LIBSSH2_SESSION * session); 123 | 124 | LIBSSH2_CHANNEL *_libssh2_channel_locate(LIBSSH2_SESSION * session, 125 | uint32_t channel_id); 126 | 127 | size_t _libssh2_channel_packet_data_len(LIBSSH2_CHANNEL * channel, 128 | int stream_id); 129 | 130 | int _libssh2_channel_close(LIBSSH2_CHANNEL * channel); 131 | 132 | /* 133 | * _libssh2_channel_forward_cancel 134 | * 135 | * Stop listening on a remote port and free the listener 136 | * Toss out any pending (un-accept()ed) connections 137 | * 138 | * Return 0 on success, LIBSSH2_ERROR_EAGAIN if would block, -1 on error 139 | */ 140 | int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener); 141 | 142 | #endif /* LIBSSH2_CHANNEL_H */ 143 | -------------------------------------------------------------------------------- /Sources/CSSH2/include/libssh2_publickey.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Sara Golemon 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | */ 37 | 38 | /* Note: This include file is only needed for using the 39 | * publickey SUBSYSTEM which is not the same as publickey 40 | * authentication. For authentication you only need libssh2.h 41 | * 42 | * For more information on the publickey subsystem, 43 | * refer to IETF draft: secsh-publickey 44 | * 45 | * SPDX-License-Identifier: BSD-3-Clause 46 | */ 47 | 48 | #ifndef LIBSSH2_PUBLICKEY_H 49 | #define LIBSSH2_PUBLICKEY_H 1 50 | 51 | #include "libssh2.h" 52 | 53 | typedef struct _LIBSSH2_PUBLICKEY LIBSSH2_PUBLICKEY; 54 | 55 | typedef struct _libssh2_publickey_attribute { 56 | const char *name; 57 | unsigned long name_len; 58 | const char *value; 59 | unsigned long value_len; 60 | char mandatory; 61 | } libssh2_publickey_attribute; 62 | 63 | typedef struct _libssh2_publickey_list { 64 | unsigned char *packet; /* For freeing */ 65 | 66 | const unsigned char *name; 67 | unsigned long name_len; 68 | const unsigned char *blob; 69 | unsigned long blob_len; 70 | unsigned long num_attrs; 71 | libssh2_publickey_attribute *attrs; /* free me */ 72 | } libssh2_publickey_list; 73 | 74 | /* Generally use the first macro here, but if both name and value are string 75 | literals, you can use _fast() to take advantage of preprocessing */ 76 | #define libssh2_publickey_attribute(name, value, mandatory) \ 77 | { (name), strlen(name), (value), strlen(value), (mandatory) }, 78 | #define libssh2_publickey_attribute_fast(name, value, mandatory) \ 79 | { (name), sizeof(name) - 1, (value), sizeof(value) - 1, (mandatory) }, 80 | 81 | #ifdef __cplusplus 82 | extern "C" { 83 | #endif 84 | 85 | /* Publickey Subsystem */ 86 | LIBSSH2_API LIBSSH2_PUBLICKEY * 87 | libssh2_publickey_init(LIBSSH2_SESSION *session); 88 | 89 | LIBSSH2_API int 90 | libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY *pkey, 91 | const unsigned char *name, 92 | unsigned long name_len, 93 | const unsigned char *blob, 94 | unsigned long blob_len, char overwrite, 95 | unsigned long num_attrs, 96 | const libssh2_publickey_attribute attrs[]); 97 | #define libssh2_publickey_add(pkey, name, blob, blob_len, overwrite, \ 98 | num_attrs, attrs) \ 99 | libssh2_publickey_add_ex((pkey), \ 100 | (name), strlen(name), \ 101 | (blob), (blob_len), \ 102 | (overwrite), (num_attrs), (attrs)) 103 | 104 | LIBSSH2_API int libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY *pkey, 105 | const unsigned char *name, 106 | unsigned long name_len, 107 | const unsigned char *blob, 108 | unsigned long blob_len); 109 | #define libssh2_publickey_remove(pkey, name, blob, blob_len) \ 110 | libssh2_publickey_remove_ex((pkey), \ 111 | (name), strlen(name), \ 112 | (blob), (blob_len)) 113 | 114 | LIBSSH2_API int 115 | libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, 116 | unsigned long *num_keys, 117 | libssh2_publickey_list **pkey_list); 118 | LIBSSH2_API void 119 | libssh2_publickey_list_free(LIBSSH2_PUBLICKEY *pkey, 120 | libssh2_publickey_list *pkey_list); 121 | 122 | LIBSSH2_API int libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY *pkey); 123 | 124 | #ifdef __cplusplus 125 | } /* extern "C" */ 126 | #endif 127 | 128 | #endif /* LIBSSH2_PUBLICKEY_H */ 129 | -------------------------------------------------------------------------------- /Sources/CSSH2/poly1305.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public Domain poly1305 from Andrew Moon 3 | * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna 4 | * Copyright not intended 2024. 5 | * 6 | * SPDX-License-Identifier: SAX-PD-2.0 7 | */ 8 | 9 | /* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */ 10 | 11 | #include "libssh2_priv.h" 12 | 13 | #include "poly1305.h" 14 | 15 | #define mul32x32_64(a,b) ((uint64_t)(a) * (b)) 16 | 17 | #define U8TO32_LE(p) \ 18 | (((uint32_t)((p)[0])) | \ 19 | ((uint32_t)((p)[1]) << 8) | \ 20 | ((uint32_t)((p)[2]) << 16) | \ 21 | ((uint32_t)((p)[3]) << 24)) 22 | 23 | #define U32TO8_LE(p, v) \ 24 | do { \ 25 | (p)[0] = (uint8_t)((v)); \ 26 | (p)[1] = (uint8_t)((v) >> 8); \ 27 | (p)[2] = (uint8_t)((v) >> 16); \ 28 | (p)[3] = (uint8_t)((v) >> 24); \ 29 | } while (0) 30 | 31 | void 32 | poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, 33 | size_t inlen, const unsigned char key[POLY1305_KEYLEN]) { 34 | uint32_t t0; 35 | uint32_t t1; 36 | uint32_t t2; 37 | uint32_t t3; 38 | uint32_t h0; 39 | uint32_t h1; 40 | uint32_t h2; 41 | uint32_t h3; 42 | uint32_t h4; 43 | uint32_t r0; 44 | uint32_t r1; 45 | uint32_t r2; 46 | uint32_t r3; 47 | uint32_t r4; 48 | uint32_t s1; 49 | uint32_t s2; 50 | uint32_t s3; 51 | uint32_t s4; 52 | uint32_t b; 53 | uint32_t nb; 54 | size_t j; 55 | uint64_t t[5]; 56 | uint64_t f0; 57 | uint64_t f1; 58 | uint64_t f2; 59 | uint64_t f3; 60 | uint32_t g0; 61 | uint32_t g1; 62 | uint32_t g2; 63 | uint32_t g3; 64 | uint32_t g4; 65 | uint64_t c; 66 | unsigned char mp[16]; 67 | 68 | /* clamp key */ 69 | t0 = U8TO32_LE(key + 0); 70 | t1 = U8TO32_LE(key + 4); 71 | t2 = U8TO32_LE(key + 8); 72 | t3 = U8TO32_LE(key + 12); 73 | 74 | /* precompute multipliers */ 75 | r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; 76 | r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12; 77 | r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18; 78 | r3 = t2 & 0x3f03fff; t3 >>= 8; 79 | r4 = t3 & 0x00fffff; 80 | 81 | s1 = r1 * 5; 82 | s2 = r2 * 5; 83 | s3 = r3 * 5; 84 | s4 = r4 * 5; 85 | 86 | /* init state */ 87 | h0 = 0; 88 | h1 = 0; 89 | h2 = 0; 90 | h3 = 0; 91 | h4 = 0; 92 | 93 | /* full blocks */ 94 | if(inlen < 16) 95 | goto poly1305_donna_atmost15bytes; 96 | 97 | poly1305_donna_16bytes: 98 | m += 16; 99 | inlen -= 16; 100 | 101 | t0 = U8TO32_LE(m-16); 102 | t1 = U8TO32_LE(m-12); 103 | t2 = U8TO32_LE(m-8); 104 | t3 = U8TO32_LE(m-4); 105 | 106 | h0 += t0 & 0x3ffffff; 107 | h1 += ((uint32_t)((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff); 108 | h2 += ((uint32_t)((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff); 109 | h3 += ((uint32_t)((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff); 110 | h4 += (t3 >> 8) | (1 << 24); 111 | 112 | 113 | poly1305_donna_mul: 114 | t[0] = mul32x32_64(h0, r0) + mul32x32_64(h1, s4) + mul32x32_64(h2, s3) + 115 | mul32x32_64(h3, s2) + mul32x32_64(h4, s1); 116 | t[1] = mul32x32_64(h0, r1) + mul32x32_64(h1, r0) + mul32x32_64(h2, s4) + 117 | mul32x32_64(h3, s3) + mul32x32_64(h4, s2); 118 | t[2] = mul32x32_64(h0, r2) + mul32x32_64(h1, r1) + mul32x32_64(h2, r0) + 119 | mul32x32_64(h3, s4) + mul32x32_64(h4, s3); 120 | t[3] = mul32x32_64(h0, r3) + mul32x32_64(h1, r2) + mul32x32_64(h2, r1) + 121 | mul32x32_64(h3, r0) + mul32x32_64(h4, s4); 122 | t[4] = mul32x32_64(h0, r4) + mul32x32_64(h1, r3) + mul32x32_64(h2, r2) + 123 | mul32x32_64(h3, r1) + mul32x32_64(h4, r0); 124 | 125 | h0 = (uint32_t)t[0] & 0x3ffffff; 126 | c = (t[0] >> 26); 127 | 128 | t[1] += c; 129 | h1 = (uint32_t)t[1] & 0x3ffffff; 130 | b = (uint32_t)(t[1] >> 26); 131 | 132 | t[2] += b; 133 | h2 = (uint32_t)t[2] & 0x3ffffff; 134 | b = (uint32_t)(t[2] >> 26); 135 | 136 | t[3] += b; 137 | h3 = (uint32_t)t[3] & 0x3ffffff; 138 | b = (uint32_t)(t[3] >> 26); 139 | 140 | t[4] += b; 141 | h4 = (uint32_t)t[4] & 0x3ffffff; 142 | b = (uint32_t)(t[4] >> 26); 143 | 144 | h0 += b * 5; 145 | 146 | if(inlen >= 16) 147 | goto poly1305_donna_16bytes; 148 | 149 | /* final bytes */ 150 | poly1305_donna_atmost15bytes: 151 | if(!inlen) 152 | goto poly1305_donna_finish; 153 | 154 | for(j = 0; j < inlen; j++) mp[j] = m[j]; 155 | mp[j++] = 1; 156 | for(; j < 16; j++) 157 | mp[j] = 0; 158 | 159 | inlen = 0; 160 | 161 | t0 = U8TO32_LE(mp + 0); 162 | t1 = U8TO32_LE(mp + 4); 163 | t2 = U8TO32_LE(mp + 8); 164 | t3 = U8TO32_LE(mp + 12); 165 | 166 | h0 += t0 & 0x3ffffff; 167 | h1 += ((uint32_t)((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff); 168 | h2 += ((uint32_t)((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff); 169 | h3 += ((uint32_t)((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff); 170 | h4 += (t3 >> 8); 171 | 172 | goto poly1305_donna_mul; 173 | 174 | poly1305_donna_finish: 175 | b = h0 >> 26; h0 = h0 & 0x3ffffff; 176 | h1 += b; b = h1 >> 26; h1 = h1 & 0x3ffffff; 177 | h2 += b; b = h2 >> 26; h2 = h2 & 0x3ffffff; 178 | h3 += b; b = h3 >> 26; h3 = h3 & 0x3ffffff; 179 | h4 += b; b = h4 >> 26; h4 = h4 & 0x3ffffff; 180 | h0 += b * 5; b = h0 >> 26; h0 = h0 & 0x3ffffff; 181 | h1 += b; 182 | 183 | g0 = h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff; 184 | g1 = h1 + b; b = g1 >> 26; g1 &= 0x3ffffff; 185 | g2 = h2 + b; b = g2 >> 26; g2 &= 0x3ffffff; 186 | g3 = h3 + b; b = g3 >> 26; g3 &= 0x3ffffff; 187 | g4 = h4 + b - (1 << 26); 188 | 189 | b = (g4 >> 31) - 1; 190 | nb = ~b; 191 | h0 = (h0 & nb) | (g0 & b); 192 | h1 = (h1 & nb) | (g1 & b); 193 | h2 = (h2 & nb) | (g2 & b); 194 | h3 = (h3 & nb) | (g3 & b); 195 | h4 = (h4 & nb) | (g4 & b); 196 | 197 | f0 = ((h0 ) | (h1 << 26)) + (uint64_t)U8TO32_LE(&key[16]); 198 | f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)U8TO32_LE(&key[20]); 199 | f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)U8TO32_LE(&key[24]); 200 | f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)U8TO32_LE(&key[28]); 201 | 202 | U32TO8_LE(&out[ 0], f0); f1 += (f0 >> 32); 203 | U32TO8_LE(&out[ 4], f1); f2 += (f1 >> 32); 204 | U32TO8_LE(&out[ 8], f2); f3 += (f2 >> 32); 205 | U32TO8_LE(&out[12], f3); 206 | } 207 | -------------------------------------------------------------------------------- /Sources/CSSH2/misc.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_MISC_H 2 | #define LIBSSH2_MISC_H 3 | /* Copyright (C) Daniel Stenberg 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, 7 | * with or without modification, are permitted provided 8 | * that the following conditions are met: 9 | * 10 | * Redistributions of source code must retain the above 11 | * copyright notice, this list of conditions and the 12 | * following disclaimer. 13 | * 14 | * Redistributions in binary form must reproduce the above 15 | * copyright notice, this list of conditions and the following 16 | * disclaimer in the documentation and/or other materials 17 | * provided with the distribution. 18 | * 19 | * Neither the name of the copyright holder nor the names 20 | * of any other contributors may be used to endorse or 21 | * promote products derived from this software without 22 | * specific prior written permission. 23 | * 24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 25 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 26 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 29 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 31 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 32 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 34 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 35 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 36 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 37 | * OF SUCH DAMAGE. 38 | * 39 | * SPDX-License-Identifier: BSD-3-Clause 40 | */ 41 | 42 | #ifdef LIBSSH2_NO_CLEAR_MEMORY 43 | #define _libssh2_explicit_zero(buf, size) do { \ 44 | (void)(buf); \ 45 | (void)(size); \ 46 | } while(0) 47 | #elif defined(_WIN32) 48 | #define _libssh2_explicit_zero(buf, size) SecureZeroMemory(buf, size) 49 | #elif defined(HAVE_EXPLICIT_BZERO) 50 | #define _libssh2_explicit_zero(buf, size) explicit_bzero(buf, size) 51 | #elif defined(HAVE_EXPLICIT_MEMSET) 52 | #define _libssh2_explicit_zero(buf, size) (void)explicit_memset(buf, 0, size) 53 | #elif defined(HAVE_MEMSET_S) 54 | #define _libssh2_explicit_zero(buf, size) (void)memset_s(buf, size, 0, size) 55 | #else 56 | #define LIBSSH2_MEMZERO 57 | void _libssh2_memzero(void *buf, size_t size); 58 | #define _libssh2_explicit_zero(buf, size) _libssh2_memzero(buf, size) 59 | #endif 60 | 61 | struct list_head { 62 | struct list_node *last; 63 | struct list_node *first; 64 | }; 65 | 66 | struct list_node { 67 | struct list_node *next; 68 | struct list_node *prev; 69 | struct list_head *head; 70 | }; 71 | 72 | struct string_buf { 73 | unsigned char *data; 74 | unsigned char *dataptr; 75 | size_t len; 76 | }; 77 | 78 | int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode, 79 | const char *errmsg, int errflags); 80 | int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char *errmsg); 81 | 82 | #ifdef _WIN32 83 | /* Convert Win32 WSAGetLastError to errno equivalent */ 84 | int _libssh2_wsa2errno(void); 85 | #endif 86 | 87 | void _libssh2_list_init(struct list_head *head); 88 | 89 | /* add a node last in the list */ 90 | void _libssh2_list_add(struct list_head *head, 91 | struct list_node *entry); 92 | 93 | /* return the "first" node in the list this head points to */ 94 | void *_libssh2_list_first(struct list_head *head); 95 | 96 | /* return the next node in the list */ 97 | void *_libssh2_list_next(struct list_node *node); 98 | 99 | /* return the prev node in the list */ 100 | void *_libssh2_list_prev(struct list_node *node); 101 | 102 | /* remove this node from the list */ 103 | void _libssh2_list_remove(struct list_node *entry); 104 | 105 | int _libssh2_base64_decode(LIBSSH2_SESSION *session, 106 | char **data, size_t *datalen, 107 | const char *src, size_t src_len); 108 | size_t _libssh2_base64_encode(LIBSSH2_SESSION *session, 109 | const char *inp, size_t insize, char **outptr); 110 | 111 | uint32_t _libssh2_ntohu32(const unsigned char *buf); 112 | libssh2_uint64_t _libssh2_ntohu64(const unsigned char *buf); 113 | void _libssh2_htonu32(unsigned char *buf, uint32_t val); 114 | void _libssh2_store_u32(unsigned char **buf, uint32_t value); 115 | void _libssh2_store_u64(unsigned char **buf, libssh2_uint64_t value); 116 | int _libssh2_store_str(unsigned char **buf, const char *str, size_t len); 117 | int _libssh2_store_bignum2_bytes(unsigned char **buf, 118 | const unsigned char *bytes, 119 | size_t len); 120 | void *_libssh2_calloc(LIBSSH2_SESSION *session, size_t size); 121 | 122 | struct string_buf *_libssh2_string_buf_new(LIBSSH2_SESSION *session); 123 | void _libssh2_string_buf_free(LIBSSH2_SESSION *session, 124 | struct string_buf *buf); 125 | int _libssh2_get_boolean(struct string_buf *buf, unsigned char *out); 126 | int _libssh2_get_byte(struct string_buf *buf, unsigned char *out); 127 | int _libssh2_get_u32(struct string_buf *buf, uint32_t *out); 128 | int _libssh2_get_u64(struct string_buf *buf, libssh2_uint64_t *out); 129 | int _libssh2_match_string(struct string_buf *buf, const char *match); 130 | int _libssh2_get_string(struct string_buf *buf, unsigned char **outbuf, 131 | size_t *outlen); 132 | int _libssh2_copy_string(LIBSSH2_SESSION* session, struct string_buf *buf, 133 | unsigned char **outbuf, size_t *outlen); 134 | int _libssh2_get_bignum_bytes(struct string_buf *buf, unsigned char **outbuf, 135 | size_t *outlen); 136 | int _libssh2_check_length(struct string_buf *buf, size_t requested_len); 137 | int _libssh2_eob(struct string_buf *buf); 138 | 139 | void _libssh2_xor_data(unsigned char *output, 140 | const unsigned char *input1, 141 | const unsigned char *input2, 142 | size_t length); 143 | 144 | void _libssh2_aes_ctr_increment(unsigned char *ctr, size_t length); 145 | 146 | #endif /* LIBSSH2_MISC_H */ 147 | -------------------------------------------------------------------------------- /Sources/CSSH2/userauth_kbd_packet.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Xaver Loppenstedt 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | * 37 | * SPDX-License-Identifier: BSD-3-Clause 38 | */ 39 | 40 | #include "libssh2_priv.h" 41 | #include "userauth_kbd_packet.h" 42 | 43 | int userauth_keyboard_interactive_decode_info_request(LIBSSH2_SESSION *session) 44 | { 45 | unsigned char *language_tag; 46 | size_t language_tag_len; 47 | unsigned int i; 48 | unsigned char packet_type; 49 | uint32_t tmp_u32; 50 | 51 | struct string_buf decoded; 52 | 53 | decoded.data = session->userauth_kybd_data; 54 | decoded.dataptr = session->userauth_kybd_data; 55 | decoded.len = session->userauth_kybd_data_len; 56 | 57 | if(session->userauth_kybd_data_len < 17) { 58 | _libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL, 59 | "userauth keyboard data buffer too small " 60 | "to get length"); 61 | return -1; 62 | } 63 | 64 | /* byte SSH_MSG_USERAUTH_INFO_REQUEST */ 65 | _libssh2_get_byte(&decoded, &packet_type); 66 | 67 | /* string name (ISO-10646 UTF-8) */ 68 | if(_libssh2_copy_string(session, &decoded, 69 | &session->userauth_kybd_auth_name, 70 | &session->userauth_kybd_auth_name_len) == -1) { 71 | _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 72 | "Unable to decode " 73 | "keyboard-interactive 'name' " 74 | "request field"); 75 | return -1; 76 | } 77 | 78 | /* string instruction (ISO-10646 UTF-8) */ 79 | if(_libssh2_copy_string(session, &decoded, 80 | &session->userauth_kybd_auth_instruction, 81 | &session->userauth_kybd_auth_instruction_len) 82 | == -1) { 83 | _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 84 | "Unable to decode " 85 | "keyboard-interactive 'instruction' " 86 | "request field"); 87 | return -1; 88 | } 89 | 90 | /* string language tag (as defined in [RFC-3066]) */ 91 | if(_libssh2_get_string(&decoded, &language_tag, 92 | &language_tag_len) == -1) { 93 | _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 94 | "Unable to decode " 95 | "keyboard-interactive 'language tag' " 96 | "request field"); 97 | return -1; 98 | } 99 | 100 | /* int num-prompts */ 101 | if(_libssh2_get_u32(&decoded, &tmp_u32) == -1 || 102 | (session->userauth_kybd_num_prompts = tmp_u32) != tmp_u32) { 103 | _libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL, 104 | "Unable to decode " 105 | "keyboard-interactive number of keyboard prompts"); 106 | return -1; 107 | } 108 | 109 | if(session->userauth_kybd_num_prompts > 100) { 110 | _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY, 111 | "Too many replies for " 112 | "keyboard-interactive prompts"); 113 | return -1; 114 | } 115 | 116 | if(session->userauth_kybd_num_prompts == 0) { 117 | return 0; 118 | } 119 | 120 | session->userauth_kybd_prompts = 121 | LIBSSH2_CALLOC(session, 122 | sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) * 123 | session->userauth_kybd_num_prompts); 124 | if(!session->userauth_kybd_prompts) { 125 | _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 126 | "Unable to allocate memory for " 127 | "keyboard-interactive prompts array"); 128 | return -1; 129 | } 130 | 131 | session->userauth_kybd_responses = 132 | LIBSSH2_CALLOC(session, 133 | sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) * 134 | session->userauth_kybd_num_prompts); 135 | if(!session->userauth_kybd_responses) { 136 | _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 137 | "Unable to allocate memory for " 138 | "keyboard-interactive responses array"); 139 | return -1; 140 | } 141 | 142 | for(i = 0; i < session->userauth_kybd_num_prompts; i++) { 143 | /* string prompt[1] (ISO-10646 UTF-8) */ 144 | if(_libssh2_copy_string(session, &decoded, 145 | &session->userauth_kybd_prompts[i].text, 146 | &session->userauth_kybd_prompts[i].length) 147 | == -1) { 148 | _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 149 | "Unable to decode " 150 | "keyboard-interactive prompt message"); 151 | return -1; 152 | } 153 | 154 | /* boolean echo[1] */ 155 | if(_libssh2_get_boolean(&decoded, 156 | &session->userauth_kybd_prompts[i].echo) 157 | == -1) { 158 | _libssh2_error(session, LIBSSH2_ERROR_BUFFER_TOO_SMALL, 159 | "Unable to decode " 160 | "user auth keyboard prompt echo"); 161 | return -1; 162 | } 163 | } 164 | 165 | return 0; 166 | } 167 | -------------------------------------------------------------------------------- /Sources/CSSH2/chacha.c: -------------------------------------------------------------------------------- 1 | /* 2 | * chacha-merged.c version 20080118 3 | * D. J. Bernstein 4 | * Public domain. 5 | * Copyright not intended 2024. 6 | * 7 | * SPDX-License-Identifier: SAX-PD-2.0 8 | */ 9 | 10 | #include "libssh2_priv.h" 11 | 12 | #include "chacha.h" 13 | 14 | /* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */ 15 | 16 | typedef unsigned char u8; 17 | typedef unsigned int u32; 18 | 19 | typedef struct chacha_ctx chacha_ctx; 20 | 21 | #define U8C(v) (v##U) 22 | #define U32C(v) (v##U) 23 | 24 | #define U8V(v) ((u8)(v) & U8C(0xFF)) 25 | #define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) 26 | 27 | #define ROTL32(v, n) \ 28 | (U32V((v) << (n)) | ((v) >> (32 - (n)))) 29 | 30 | #define U8TO32_LITTLE(p) \ 31 | (((u32)((p)[0]) ) | \ 32 | ((u32)((p)[1]) << 8) | \ 33 | ((u32)((p)[2]) << 16) | \ 34 | ((u32)((p)[3]) << 24)) 35 | 36 | #define U32TO8_LITTLE(p, v) \ 37 | do { \ 38 | (p)[0] = U8V((v) ); \ 39 | (p)[1] = U8V((v) >> 8); \ 40 | (p)[2] = U8V((v) >> 16); \ 41 | (p)[3] = U8V((v) >> 24); \ 42 | } while (0) 43 | 44 | #define ROTATE(v,c) (ROTL32(v,c)) 45 | #define XOR(v,w) ((v) ^ (w)) 46 | #define PLUS(v,w) (U32V((v) + (w))) 47 | #define PLUSONE(v) (PLUS((v),1)) 48 | 49 | #define QUARTERROUND(a,b,c,d) \ 50 | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ 51 | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ 52 | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ 53 | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); 54 | 55 | static const char sigma[17] = "expand 32-byte k"; 56 | static const char tau[17] = "expand 16-byte k"; 57 | 58 | void 59 | chacha_keysetup(chacha_ctx *x, const u8 *k, u32 kbits) 60 | { 61 | const char *constants; 62 | 63 | x->input[4] = U8TO32_LITTLE(k + 0); 64 | x->input[5] = U8TO32_LITTLE(k + 4); 65 | x->input[6] = U8TO32_LITTLE(k + 8); 66 | x->input[7] = U8TO32_LITTLE(k + 12); 67 | if(kbits == 256) { /* recommended */ 68 | k += 16; 69 | constants = sigma; 70 | } 71 | else { /* kbits == 128 */ 72 | constants = tau; 73 | } 74 | x->input[8] = U8TO32_LITTLE(k + 0); 75 | x->input[9] = U8TO32_LITTLE(k + 4); 76 | x->input[10] = U8TO32_LITTLE(k + 8); 77 | x->input[11] = U8TO32_LITTLE(k + 12); 78 | x->input[0] = U8TO32_LITTLE(constants + 0); 79 | x->input[1] = U8TO32_LITTLE(constants + 4); 80 | x->input[2] = U8TO32_LITTLE(constants + 8); 81 | x->input[3] = U8TO32_LITTLE(constants + 12); 82 | } 83 | 84 | void 85 | chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter) 86 | { 87 | x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0); 88 | x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4); 89 | x->input[14] = U8TO32_LITTLE(iv + 0); 90 | x->input[15] = U8TO32_LITTLE(iv + 4); 91 | } 92 | 93 | void 94 | chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) 95 | { 96 | u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; 97 | u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; 98 | u8 *ctarget = NULL; 99 | u8 tmp[64]; 100 | u_int i; 101 | 102 | if(!bytes) 103 | return; 104 | 105 | j0 = x->input[0]; 106 | j1 = x->input[1]; 107 | j2 = x->input[2]; 108 | j3 = x->input[3]; 109 | j4 = x->input[4]; 110 | j5 = x->input[5]; 111 | j6 = x->input[6]; 112 | j7 = x->input[7]; 113 | j8 = x->input[8]; 114 | j9 = x->input[9]; 115 | j10 = x->input[10]; 116 | j11 = x->input[11]; 117 | j12 = x->input[12]; 118 | j13 = x->input[13]; 119 | j14 = x->input[14]; 120 | j15 = x->input[15]; 121 | 122 | for(;;) { 123 | if(bytes < 64) { 124 | for(i = 0; i < bytes;++i) tmp[i] = m[i]; 125 | m = tmp; 126 | ctarget = c; 127 | c = tmp; 128 | } 129 | x0 = j0; 130 | x1 = j1; 131 | x2 = j2; 132 | x3 = j3; 133 | x4 = j4; 134 | x5 = j5; 135 | x6 = j6; 136 | x7 = j7; 137 | x8 = j8; 138 | x9 = j9; 139 | x10 = j10; 140 | x11 = j11; 141 | x12 = j12; 142 | x13 = j13; 143 | x14 = j14; 144 | x15 = j15; 145 | for(i = 20; i > 0; i -= 2) { 146 | QUARTERROUND(x0, x4, x8, x12) 147 | QUARTERROUND(x1, x5, x9, x13) 148 | QUARTERROUND(x2, x6, x10, x14) 149 | QUARTERROUND(x3, x7, x11, x15) 150 | QUARTERROUND(x0, x5, x10, x15) 151 | QUARTERROUND(x1, x6, x11, x12) 152 | QUARTERROUND(x2, x7, x8, x13) 153 | QUARTERROUND(x3, x4, x9, x14) 154 | } 155 | x0 = PLUS(x0, j0); 156 | x1 = PLUS(x1, j1); 157 | x2 = PLUS(x2, j2); 158 | x3 = PLUS(x3, j3); 159 | x4 = PLUS(x4, j4); 160 | x5 = PLUS(x5, j5); 161 | x6 = PLUS(x6, j6); 162 | x7 = PLUS(x7, j7); 163 | x8 = PLUS(x8, j8); 164 | x9 = PLUS(x9, j9); 165 | x10 = PLUS(x10, j10); 166 | x11 = PLUS(x11, j11); 167 | x12 = PLUS(x12, j12); 168 | x13 = PLUS(x13, j13); 169 | x14 = PLUS(x14, j14); 170 | x15 = PLUS(x15, j15); 171 | 172 | x0 = XOR(x0, U8TO32_LITTLE(m + 0)); 173 | x1 = XOR(x1, U8TO32_LITTLE(m + 4)); 174 | x2 = XOR(x2, U8TO32_LITTLE(m + 8)); 175 | x3 = XOR(x3, U8TO32_LITTLE(m + 12)); 176 | x4 = XOR(x4, U8TO32_LITTLE(m + 16)); 177 | x5 = XOR(x5, U8TO32_LITTLE(m + 20)); 178 | x6 = XOR(x6, U8TO32_LITTLE(m + 24)); 179 | x7 = XOR(x7, U8TO32_LITTLE(m + 28)); 180 | x8 = XOR(x8, U8TO32_LITTLE(m + 32)); 181 | x9 = XOR(x9, U8TO32_LITTLE(m + 36)); 182 | x10 = XOR(x10, U8TO32_LITTLE(m + 40)); 183 | x11 = XOR(x11, U8TO32_LITTLE(m + 44)); 184 | x12 = XOR(x12, U8TO32_LITTLE(m + 48)); 185 | x13 = XOR(x13, U8TO32_LITTLE(m + 52)); 186 | x14 = XOR(x14, U8TO32_LITTLE(m + 56)); 187 | x15 = XOR(x15, U8TO32_LITTLE(m + 60)); 188 | 189 | j12 = PLUSONE(j12); 190 | if(!j12) { 191 | j13 = PLUSONE(j13); 192 | /* stopping at 2^70 bytes per nonce is user's responsibility */ 193 | } 194 | 195 | U32TO8_LITTLE(c + 0, x0); 196 | U32TO8_LITTLE(c + 4, x1); 197 | U32TO8_LITTLE(c + 8, x2); 198 | U32TO8_LITTLE(c + 12, x3); 199 | U32TO8_LITTLE(c + 16, x4); 200 | U32TO8_LITTLE(c + 20, x5); 201 | U32TO8_LITTLE(c + 24, x6); 202 | U32TO8_LITTLE(c + 28, x7); 203 | U32TO8_LITTLE(c + 32, x8); 204 | U32TO8_LITTLE(c + 36, x9); 205 | U32TO8_LITTLE(c + 40, x10); 206 | U32TO8_LITTLE(c + 44, x11); 207 | U32TO8_LITTLE(c + 48, x12); 208 | U32TO8_LITTLE(c + 52, x13); 209 | U32TO8_LITTLE(c + 56, x14); 210 | U32TO8_LITTLE(c + 60, x15); 211 | 212 | if(bytes <= 64) { 213 | if(bytes < 64) { 214 | for(i = 0; i < bytes;++i) ctarget[i] = c[i]; 215 | } 216 | x->input[12] = j12; 217 | x->input[13] = j13; 218 | return; 219 | } 220 | bytes -= 64; 221 | c += 64; 222 | m += 64; 223 | } 224 | } 225 | -------------------------------------------------------------------------------- /Sources/CSSH2/bcrypt_pbkdf.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */ 2 | /* 3 | * Copyright (C) Ted Unangst 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | * 17 | * SPDX-License-Identifier: MIT 18 | */ 19 | 20 | #include "libssh2_priv.h" 21 | 22 | #ifndef HAVE_BCRYPT_PBKDF 23 | 24 | #include 25 | 26 | #define LIBSSH2_BCRYPT_PBKDF_C 27 | #include "blowfish.c" 28 | 29 | /* 30 | * pkcs #5 pbkdf2 implementation using the "bcrypt" hash 31 | * 32 | * The bcrypt hash function is derived from the bcrypt password hashing 33 | * function with the following modifications: 34 | * 1. The input password and salt are preprocessed with SHA512. 35 | * 2. The output length is expanded to 256 bits. 36 | * 3. Subsequently the magic string to be encrypted is lengthened and modified 37 | * to "OxychromaticBlowfishSwatDynamite" 38 | * 4. The hash function is defined to perform 64 rounds of initial state 39 | * expansion. (More rounds are performed by iterating the hash.) 40 | * 41 | * Note that this implementation pulls the SHA512 operations into the caller 42 | * as a performance optimization. 43 | * 44 | * One modification from official pbkdf2. Instead of outputting key material 45 | * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to 46 | * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an 47 | * attacker can merely run once through the outer loop below, but the user 48 | * always runs it twice. Shuffling output bytes requires computing the 49 | * entirety of the key material to assemble any subkey. This is something a 50 | * wise caller could do; we just do it for you. 51 | */ 52 | 53 | #define BCRYPT_BLOCKS 8 54 | #define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4) 55 | 56 | static void 57 | bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out) 58 | { 59 | blf_ctx state; 60 | uint8_t ciphertext[BCRYPT_HASHSIZE] = { 61 | 'O', 'x', 'y', 'c', 'h', 'r', 'o', 'm', 'a', 't', 'i', 'c', 62 | 'B', 'l', 'o', 'w', 'f', 'i', 's', 'h', 63 | 'S', 'w', 'a', 't', 64 | 'D', 'y', 'n', 'a', 'm', 'i', 't', 'e' }; 65 | uint32_t cdata[BCRYPT_BLOCKS]; 66 | int i; 67 | uint16_t j; 68 | uint16_t shalen = SHA512_DIGEST_LENGTH; 69 | 70 | /* key expansion */ 71 | Blowfish_initstate(&state); 72 | Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); 73 | for(i = 0; i < 64; i++) { 74 | Blowfish_expand0state(&state, sha2salt, shalen); 75 | Blowfish_expand0state(&state, sha2pass, shalen); 76 | } 77 | 78 | /* encryption */ 79 | j = 0; 80 | for(i = 0; i < BCRYPT_BLOCKS; i++) 81 | cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), 82 | &j); 83 | for(i = 0; i < 64; i++) 84 | blf_enc(&state, cdata, BCRYPT_BLOCKS / 2); 85 | 86 | /* copy out */ 87 | for(i = 0; i < BCRYPT_BLOCKS; i++) { 88 | out[4 * i + 3] = (uint8_t)((cdata[i] >> 24) & 0xff); 89 | out[4 * i + 2] = (cdata[i] >> 16) & 0xff; 90 | out[4 * i + 1] = (cdata[i] >> 8) & 0xff; 91 | out[4 * i + 0] = cdata[i] & 0xff; 92 | } 93 | 94 | /* zap */ 95 | _libssh2_explicit_zero(ciphertext, sizeof(ciphertext)); 96 | _libssh2_explicit_zero(cdata, sizeof(cdata)); 97 | _libssh2_explicit_zero(&state, sizeof(state)); 98 | } 99 | 100 | static int 101 | bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, 102 | size_t saltlen, 103 | uint8_t *key, size_t keylen, unsigned int rounds) 104 | { 105 | uint8_t sha2pass[SHA512_DIGEST_LENGTH]; 106 | uint8_t sha2salt[SHA512_DIGEST_LENGTH]; 107 | uint8_t out[BCRYPT_HASHSIZE]; 108 | uint8_t tmpout[BCRYPT_HASHSIZE]; 109 | uint8_t *countsalt; 110 | size_t i, j, amt, stride; 111 | uint32_t count; 112 | size_t origkeylen = keylen; 113 | libssh2_sha512_ctx ctx; 114 | 115 | /* nothing crazy */ 116 | if(rounds < 1) 117 | return -1; 118 | if(passlen == 0 || saltlen == 0 || keylen == 0 || 119 | keylen > sizeof(out) * sizeof(out) || saltlen > 1 << 20) 120 | return -1; 121 | countsalt = calloc(1, saltlen + 4); 122 | if(!countsalt) 123 | return -1; 124 | stride = (keylen + sizeof(out) - 1) / sizeof(out); 125 | amt = (keylen + stride - 1) / stride; 126 | 127 | memcpy(countsalt, salt, saltlen); 128 | 129 | /* collapse password */ 130 | if(!libssh2_sha512_init(&ctx) || 131 | !libssh2_sha512_update(ctx, pass, passlen) || 132 | !libssh2_sha512_final(ctx, sha2pass)) { 133 | free(countsalt); 134 | return -1; 135 | } 136 | 137 | /* generate key, sizeof(out) at a time */ 138 | for(count = 1; keylen > 0; count++) { 139 | countsalt[saltlen + 0] = (uint8_t)((count >> 24) & 0xff); 140 | countsalt[saltlen + 1] = (count >> 16) & 0xff; 141 | countsalt[saltlen + 2] = (count >> 8) & 0xff; 142 | countsalt[saltlen + 3] = count & 0xff; 143 | 144 | /* first round, salt is salt */ 145 | if(!libssh2_sha512_init(&ctx) || 146 | !libssh2_sha512_update(ctx, countsalt, saltlen + 4) || 147 | !libssh2_sha512_final(ctx, sha2salt)) { 148 | _libssh2_explicit_zero(out, sizeof(out)); 149 | free(countsalt); 150 | return -1; 151 | } 152 | 153 | bcrypt_hash(sha2pass, sha2salt, tmpout); 154 | memcpy(out, tmpout, sizeof(out)); 155 | 156 | for(i = 1; i < rounds; i++) { 157 | /* subsequent rounds, salt is previous output */ 158 | if(!libssh2_sha512_init(&ctx) || 159 | !libssh2_sha512_update(ctx, tmpout, sizeof(tmpout)) || 160 | !libssh2_sha512_final(ctx, sha2salt)) { 161 | _libssh2_explicit_zero(out, sizeof(out)); 162 | free(countsalt); 163 | return -1; 164 | } 165 | 166 | bcrypt_hash(sha2pass, sha2salt, tmpout); 167 | for(j = 0; j < sizeof(out); j++) 168 | out[j] ^= tmpout[j]; 169 | } 170 | 171 | /* 172 | * pbkdf2 deviation: output the key material non-linearly. 173 | */ 174 | amt = LIBSSH2_MIN(amt, keylen); 175 | for(i = 0; i < amt; i++) { 176 | size_t dest = i * stride + (count - 1); 177 | if(dest >= origkeylen) { 178 | break; 179 | } 180 | key[dest] = out[i]; 181 | } 182 | keylen -= i; 183 | } 184 | 185 | /* zap */ 186 | _libssh2_explicit_zero(out, sizeof(out)); 187 | free(countsalt); 188 | 189 | return 0; 190 | } 191 | #endif /* HAVE_BCRYPT_PBKDF */ 192 | 193 | /* Wrapper */ 194 | 195 | int _libssh2_bcrypt_pbkdf(const char *pass, 196 | size_t passlen, 197 | const uint8_t *salt, 198 | size_t saltlen, 199 | uint8_t *key, 200 | size_t keylen, 201 | unsigned int rounds) 202 | { 203 | return bcrypt_pbkdf(pass, 204 | passlen, 205 | salt, 206 | saltlen, 207 | key, 208 | keylen, 209 | rounds); 210 | } 211 | -------------------------------------------------------------------------------- /Sources/CSSH2/sftp.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_SFTP_PRIV_H 2 | #define LIBSSH2_SFTP_PRIV_H 3 | /* 4 | * Copyright (C) Daniel Stenberg 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, 8 | * with or without modification, are permitted provided 9 | * that the following conditions are met: 10 | * 11 | * Redistributions of source code must retain the above 12 | * copyright notice, this list of conditions and the 13 | * following disclaimer. 14 | * 15 | * Redistributions in binary form must reproduce the above 16 | * copyright notice, this list of conditions and the following 17 | * disclaimer in the documentation and/or other materials 18 | * provided with the distribution. 19 | * 20 | * Neither the name of the copyright holder nor the names 21 | * of any other contributors may be used to endorse or 22 | * promote products derived from this software without 23 | * specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 26 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 27 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 30 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 31 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 32 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 33 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 35 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 38 | * OF SUCH DAMAGE. 39 | * 40 | * SPDX-License-Identifier: BSD-3-Clause 41 | */ 42 | 43 | /* 44 | * MAX_SFTP_OUTGOING_SIZE MUST not be larger than 32500 or so. This is the 45 | * amount of data sent in each FXP_WRITE packet 46 | */ 47 | #define MAX_SFTP_OUTGOING_SIZE 30000 48 | 49 | /* MAX_SFTP_READ_SIZE is how much data is asked for at max in each FXP_READ 50 | * packets. 51 | */ 52 | #define MAX_SFTP_READ_SIZE 30000 53 | 54 | struct sftp_pipeline_chunk { 55 | struct list_node node; 56 | libssh2_uint64_t offset; /* READ: offset at which to start reading 57 | WRITE: not used */ 58 | size_t len; /* WRITE: size of the data to write 59 | READ: how many bytes that was asked for */ 60 | size_t sent; 61 | ssize_t lefttosend; /* if 0, the entire packet has been sent off */ 62 | uint32_t request_id; 63 | unsigned char packet[1]; /* data */ 64 | }; 65 | 66 | struct sftp_zombie_requests { 67 | struct list_node node; 68 | uint32_t request_id; 69 | }; 70 | 71 | struct _LIBSSH2_SFTP_PACKET 72 | { 73 | struct list_node node; /* linked list header */ 74 | uint32_t request_id; 75 | unsigned char *data; 76 | size_t data_len; /* payload size */ 77 | }; 78 | 79 | typedef struct _LIBSSH2_SFTP_PACKET LIBSSH2_SFTP_PACKET; 80 | 81 | /* Increasing from 256 to 4092 since OpenSSH doesn't honor it. */ 82 | #define SFTP_HANDLE_MAXLEN 4092 /* according to spec, this should be 256! */ 83 | 84 | struct _LIBSSH2_SFTP_HANDLE 85 | { 86 | struct list_node node; 87 | 88 | LIBSSH2_SFTP *sftp; 89 | 90 | char handle[SFTP_HANDLE_MAXLEN]; 91 | size_t handle_len; 92 | 93 | enum { 94 | LIBSSH2_SFTP_HANDLE_FILE, 95 | LIBSSH2_SFTP_HANDLE_DIR 96 | } handle_type; 97 | 98 | union _libssh2_sftp_handle_data 99 | { 100 | struct _libssh2_sftp_handle_file_data 101 | { 102 | libssh2_uint64_t offset; 103 | libssh2_uint64_t offset_sent; 104 | size_t acked; /* container for acked data that hasn't been 105 | returned to caller yet, used for sftp_write */ 106 | 107 | /* 'data' is used by sftp_read() and is allocated data that has 108 | been received already from the server but wasn't returned to 109 | the caller yet. It is of size 'data_len' and 'data_left is the 110 | number of bytes not yet returned, counted from the end of the 111 | buffer. */ 112 | unsigned char *data; 113 | size_t data_len; 114 | size_t data_left; 115 | 116 | char eof; /* we have read to the end */ 117 | } file; 118 | struct _libssh2_sftp_handle_dir_data 119 | { 120 | uint32_t names_left; 121 | void *names_packet; 122 | char *next_name; 123 | size_t names_packet_len; 124 | } dir; 125 | } u; 126 | 127 | /* State variables used in libssh2_sftp_close_handle() */ 128 | libssh2_nonblocking_states close_state; 129 | uint32_t close_request_id; 130 | unsigned char *close_packet; 131 | 132 | /* list of outstanding packets sent to server */ 133 | struct list_head packet_list; 134 | 135 | }; 136 | 137 | struct _LIBSSH2_SFTP 138 | { 139 | LIBSSH2_CHANNEL *channel; 140 | 141 | uint32_t request_id, version, posix_rename_version; 142 | 143 | struct list_head packets; 144 | 145 | /* List of FXP_READ responses to ignore because EOF already received. */ 146 | struct list_head zombie_requests; 147 | 148 | /* a list of _LIBSSH2_SFTP_HANDLE structs */ 149 | struct list_head sftp_handles; 150 | 151 | uint32_t last_errno; 152 | 153 | /* Holder for partial packet, use in libssh2_sftp_packet_read() */ 154 | unsigned char packet_header[9]; 155 | /* packet size (4) packet type (1) request id (4) */ 156 | size_t packet_header_len; /* packet_header length */ 157 | unsigned char *partial_packet; /* The data, with header */ 158 | uint32_t partial_len; /* Desired number of bytes */ 159 | size_t partial_received; /* Bytes received so far */ 160 | 161 | /* Time that libssh2_sftp_packet_requirev() started reading */ 162 | time_t requirev_start; 163 | 164 | /* State variables used in libssh2_sftp_open_ex() */ 165 | libssh2_nonblocking_states open_state; 166 | unsigned char *open_packet; 167 | uint32_t open_packet_len; /* 32 bit on the wire */ 168 | size_t open_packet_sent; 169 | uint32_t open_request_id; 170 | 171 | /* State variable used in sftp_read() */ 172 | libssh2_nonblocking_states read_state; 173 | 174 | /* State variable used in sftp_packet_read() */ 175 | libssh2_nonblocking_states packet_state; 176 | 177 | /* State variable used in sftp_write() */ 178 | libssh2_nonblocking_states write_state; 179 | 180 | /* State variables used in sftp_fsync() */ 181 | libssh2_nonblocking_states fsync_state; 182 | unsigned char *fsync_packet; 183 | uint32_t fsync_request_id; 184 | 185 | /* State variables used in libssh2_sftp_readdir() */ 186 | libssh2_nonblocking_states readdir_state; 187 | unsigned char *readdir_packet; 188 | uint32_t readdir_request_id; 189 | 190 | /* State variables used in libssh2_sftp_fstat_ex() */ 191 | libssh2_nonblocking_states fstat_state; 192 | unsigned char *fstat_packet; 193 | uint32_t fstat_request_id; 194 | 195 | /* State variables used in libssh2_sftp_unlink_ex() */ 196 | libssh2_nonblocking_states unlink_state; 197 | unsigned char *unlink_packet; 198 | uint32_t unlink_request_id; 199 | 200 | /* State variables used in libssh2_sftp_rename_ex() */ 201 | libssh2_nonblocking_states rename_state; 202 | unsigned char *rename_packet; 203 | unsigned char *rename_s; 204 | uint32_t rename_request_id; 205 | 206 | /* State variables used in libssh2_sftp_posix_rename_ex() */ 207 | libssh2_nonblocking_states posix_rename_state; 208 | unsigned char *posix_rename_packet; 209 | uint32_t posix_rename_request_id; 210 | 211 | /* State variables used in libssh2_sftp_fstatvfs() */ 212 | libssh2_nonblocking_states fstatvfs_state; 213 | unsigned char *fstatvfs_packet; 214 | uint32_t fstatvfs_request_id; 215 | 216 | /* State variables used in libssh2_sftp_statvfs() */ 217 | libssh2_nonblocking_states statvfs_state; 218 | unsigned char *statvfs_packet; 219 | uint32_t statvfs_request_id; 220 | 221 | /* State variables used in libssh2_sftp_mkdir() */ 222 | libssh2_nonblocking_states mkdir_state; 223 | unsigned char *mkdir_packet; 224 | uint32_t mkdir_request_id; 225 | 226 | /* State variables used in libssh2_sftp_rmdir() */ 227 | libssh2_nonblocking_states rmdir_state; 228 | unsigned char *rmdir_packet; 229 | uint32_t rmdir_request_id; 230 | 231 | /* State variables used in libssh2_sftp_stat() */ 232 | libssh2_nonblocking_states stat_state; 233 | unsigned char *stat_packet; 234 | uint32_t stat_request_id; 235 | 236 | /* State variables used in libssh2_sftp_symlink() */ 237 | libssh2_nonblocking_states symlink_state; 238 | unsigned char *symlink_packet; 239 | uint32_t symlink_request_id; 240 | }; 241 | 242 | #endif /* LIBSSH2_SFTP_PRIV_H */ 243 | -------------------------------------------------------------------------------- /Sources/CSSH2/libgcrypt.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_LIBGCRYPT_H 2 | #define LIBSSH2_LIBGCRYPT_H 3 | /* 4 | * Copyright (C) Simon Josefsson 5 | * Copyright (C) The Written Word, Inc. 6 | * All rights reserved. 7 | * 8 | * Redistribution and use in source and binary forms, 9 | * with or without modification, are permitted provided 10 | * that the following conditions are met: 11 | * 12 | * Redistributions of source code must retain the above 13 | * copyright notice, this list of conditions and the 14 | * following disclaimer. 15 | * 16 | * Redistributions in binary form must reproduce the above 17 | * copyright notice, this list of conditions and the following 18 | * disclaimer in the documentation and/or other materials 19 | * provided with the distribution. 20 | * 21 | * Neither the name of the copyright holder nor the names 22 | * of any other contributors may be used to endorse or 23 | * promote products derived from this software without 24 | * specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 27 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 28 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 31 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 32 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 34 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 35 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 36 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 37 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 38 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 39 | * OF SUCH DAMAGE. 40 | * 41 | * SPDX-License-Identifier: BSD-3-Clause 42 | */ 43 | 44 | #define LIBSSH2_CRYPTO_ENGINE libssh2_gcrypt 45 | 46 | #include 47 | 48 | #define LIBSSH2_MD5 1 49 | 50 | #define LIBSSH2_HMAC_RIPEMD 1 51 | #define LIBSSH2_HMAC_SHA256 1 52 | #define LIBSSH2_HMAC_SHA512 1 53 | 54 | #define LIBSSH2_AES_CBC 1 55 | #define LIBSSH2_AES_CTR 1 56 | #define LIBSSH2_AES_GCM 0 57 | #define LIBSSH2_BLOWFISH 1 58 | #define LIBSSH2_RC4 1 59 | #define LIBSSH2_CAST 1 60 | #define LIBSSH2_3DES 1 61 | 62 | #define LIBSSH2_RSA 1 63 | #define LIBSSH2_RSA_SHA1 1 64 | #define LIBSSH2_RSA_SHA2 0 65 | #define LIBSSH2_DSA 1 66 | #define LIBSSH2_ECDSA 0 67 | #define LIBSSH2_ED25519 0 68 | 69 | #include "crypto_config.h" 70 | 71 | #if LIBSSH2_MD5 || LIBSSH2_MD5_PEM 72 | #define MD5_DIGEST_LENGTH 16 73 | #endif 74 | #define SHA_DIGEST_LENGTH 20 75 | #define SHA256_DIGEST_LENGTH 32 76 | #define SHA384_DIGEST_LENGTH 48 77 | #define SHA512_DIGEST_LENGTH 64 78 | 79 | #define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1) 80 | 81 | #define _libssh2_random(buf, len) \ 82 | (gcry_randomize((buf), (len), GCRY_STRONG_RANDOM), 0) 83 | 84 | #define libssh2_prepare_iovec(vec, len) /* Empty. */ 85 | 86 | #define libssh2_sha1_ctx gcry_md_hd_t 87 | /* returns 0 in case of failure */ 88 | #define libssh2_sha1_init(ctx) \ 89 | (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA1, 0)) 90 | #define libssh2_sha1_update(ctx, data, len) \ 91 | (gcry_md_write(ctx, (unsigned char *) data, len), 1) 92 | #define libssh2_sha1_final(ctx, out) \ 93 | (memcpy(out, gcry_md_read(ctx, 0), SHA_DIGEST_LENGTH), \ 94 | gcry_md_close(ctx), 1) 95 | #define libssh2_sha1(message, len, out) \ 96 | (gcry_md_hash_buffer(GCRY_MD_SHA1, out, message, len), 0) 97 | 98 | #define libssh2_sha256_ctx gcry_md_hd_t 99 | #define libssh2_sha256_init(ctx) \ 100 | (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA256, 0)) 101 | #define libssh2_sha256_update(ctx, data, len) \ 102 | (gcry_md_write(ctx, (unsigned char *) data, len), 1) 103 | #define libssh2_sha256_final(ctx, out) \ 104 | (memcpy(out, gcry_md_read(ctx, 0), SHA256_DIGEST_LENGTH), \ 105 | gcry_md_close(ctx), 1) 106 | #define libssh2_sha256(message, len, out) \ 107 | (gcry_md_hash_buffer(GCRY_MD_SHA256, out, message, len), 0) 108 | 109 | #define libssh2_sha384_ctx gcry_md_hd_t 110 | #define libssh2_sha384_init(ctx) \ 111 | (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA384, 0)) 112 | #define libssh2_sha384_update(ctx, data, len) \ 113 | (gcry_md_write(ctx, (unsigned char *) data, len), 1) 114 | #define libssh2_sha384_final(ctx, out) \ 115 | (memcpy(out, gcry_md_read(ctx, 0), SHA384_DIGEST_LENGTH), \ 116 | gcry_md_close(ctx), 1) 117 | #define libssh2_sha384(message, len, out) \ 118 | (gcry_md_hash_buffer(GCRY_MD_SHA384, out, message, len), 0) 119 | 120 | #define libssh2_sha512_ctx gcry_md_hd_t 121 | #define libssh2_sha512_init(ctx) \ 122 | (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_SHA512, 0)) 123 | #define libssh2_sha512_update(ctx, data, len) \ 124 | (gcry_md_write(ctx, (unsigned char *) data, len), 1) 125 | #define libssh2_sha512_final(ctx, out) \ 126 | (memcpy(out, gcry_md_read(ctx, 0), SHA512_DIGEST_LENGTH), \ 127 | gcry_md_close(ctx), 1) 128 | #define libssh2_sha512(message, len, out) \ 129 | (gcry_md_hash_buffer(GCRY_MD_SHA512, out, message, len), 0) 130 | 131 | #if LIBSSH2_MD5 || LIBSSH2_MD5_PEM 132 | #define libssh2_md5_ctx gcry_md_hd_t 133 | #define libssh2_md5_init(ctx) \ 134 | (GPG_ERR_NO_ERROR == gcry_md_open(ctx, GCRY_MD_MD5, 0)) 135 | #define libssh2_md5_update(ctx, data, len) \ 136 | (gcry_md_write(ctx, (unsigned char *) data, len), 1) 137 | #define libssh2_md5_final(ctx, out) \ 138 | (memcpy(out, gcry_md_read(ctx, 0), MD5_DIGEST_LENGTH), \ 139 | gcry_md_close(ctx), 1) 140 | #endif 141 | 142 | #define libssh2_hmac_ctx gcry_md_hd_t 143 | 144 | #define libssh2_crypto_init() gcry_control(GCRYCTL_DISABLE_SECMEM) 145 | #define libssh2_crypto_exit() 146 | 147 | #define libssh2_rsa_ctx struct gcry_sexp 148 | 149 | #define _libssh2_rsa_free(rsactx) gcry_sexp_release(rsactx) 150 | 151 | #define libssh2_dsa_ctx struct gcry_sexp 152 | 153 | #define _libssh2_dsa_free(dsactx) gcry_sexp_release(dsactx) 154 | 155 | #if LIBSSH2_ECDSA 156 | #else 157 | #define _libssh2_ec_key void 158 | #endif 159 | 160 | #define _libssh2_cipher_type(name) int name 161 | #define _libssh2_cipher_ctx gcry_cipher_hd_t 162 | 163 | #define _libssh2_gcry_ciphermode(c,m) ((c << 8) | m) 164 | #define _libssh2_gcry_cipher(c) (c >> 8) 165 | #define _libssh2_gcry_mode(m) (m & 0xFF) 166 | 167 | #define _libssh2_cipher_aes256ctr \ 168 | _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR) 169 | #define _libssh2_cipher_aes192ctr \ 170 | _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR) 171 | #define _libssh2_cipher_aes128ctr \ 172 | _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR) 173 | #define _libssh2_cipher_aes256 \ 174 | _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC) 175 | #define _libssh2_cipher_aes192 \ 176 | _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC) 177 | #define _libssh2_cipher_aes128 \ 178 | _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC) 179 | #define _libssh2_cipher_blowfish \ 180 | _libssh2_gcry_ciphermode(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC) 181 | #define _libssh2_cipher_arcfour \ 182 | _libssh2_gcry_ciphermode(GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM) 183 | #define _libssh2_cipher_cast5 \ 184 | _libssh2_gcry_ciphermode(GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC) 185 | #define _libssh2_cipher_3des \ 186 | _libssh2_gcry_ciphermode(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC) 187 | #define _libssh2_cipher_chacha20 \ 188 | _libssh2_gcry_ciphermode(GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_STREAM) 189 | 190 | 191 | #define _libssh2_cipher_dtor(ctx) gcry_cipher_close(*(ctx)) 192 | 193 | #define _libssh2_bn struct gcry_mpi 194 | #define _libssh2_bn_ctx int 195 | #define _libssh2_bn_ctx_new() 0 196 | #define _libssh2_bn_ctx_free(bnctx) ((void)0) 197 | #define _libssh2_bn_init() gcry_mpi_new(0) 198 | #define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a 199 | new bignum */ 200 | #define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val) 201 | #define _libssh2_bn_from_bin(bn, len, val) \ 202 | gcry_mpi_scan(&((bn)), GCRYMPI_FMT_USG, val, len, NULL) 203 | #define _libssh2_bn_to_bin(bn, val) \ 204 | gcry_mpi_print(GCRYMPI_FMT_USG, val, _libssh2_bn_bytes(bn), NULL, bn) 205 | #define _libssh2_bn_bytes(bn) \ 206 | (gcry_mpi_get_nbits(bn) / 8 + \ 207 | ((gcry_mpi_get_nbits(bn) % 8 == 0) ? 0 : 1)) 208 | #define _libssh2_bn_bits(bn) gcry_mpi_get_nbits(bn) 209 | #define _libssh2_bn_free(bn) gcry_mpi_release(bn) 210 | 211 | /* Default generate and safe prime sizes for 212 | diffie-hellman-group-exchange-sha1 */ 213 | #define LIBSSH2_DH_GEX_MINGROUP 2048 214 | #define LIBSSH2_DH_GEX_OPTGROUP 4096 215 | #define LIBSSH2_DH_GEX_MAXGROUP 8192 216 | 217 | #define LIBSSH2_DH_MAX_MODULUS_BITS 16384 218 | 219 | #define _libssh2_dh_ctx struct gcry_mpi * 220 | #define libssh2_dh_init(dhctx) _libssh2_dh_init(dhctx) 221 | #define libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx) \ 222 | _libssh2_dh_key_pair(dhctx, public, g, p, group_order) 223 | #define libssh2_dh_secret(dhctx, secret, f, p, bnctx) \ 224 | _libssh2_dh_secret(dhctx, secret, f, p) 225 | #define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx) 226 | extern void _libssh2_init_aes_ctr(void); 227 | extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx); 228 | extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public, 229 | _libssh2_bn *g, _libssh2_bn *p, 230 | int group_order); 231 | extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret, 232 | _libssh2_bn *f, _libssh2_bn *p); 233 | extern void _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx); 234 | 235 | #endif /* LIBSSH2_LIBGCRYPT_H */ 236 | -------------------------------------------------------------------------------- /Sources/CSSH2/comp.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Sara Golemon 2 | * Copyright (C) Daniel Stenberg 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, 6 | * with or without modification, are permitted provided 7 | * that the following conditions are met: 8 | * 9 | * Redistributions of source code must retain the above 10 | * copyright notice, this list of conditions and the 11 | * following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials 16 | * provided with the distribution. 17 | * 18 | * Neither the name of the copyright holder nor the names 19 | * of any other contributors may be used to endorse or 20 | * promote products derived from this software without 21 | * specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 24 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 25 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 26 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 28 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 29 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 30 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 31 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 33 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 34 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 35 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 36 | * OF SUCH DAMAGE. 37 | * 38 | * SPDX-License-Identifier: BSD-3-Clause 39 | */ 40 | 41 | #include "libssh2_priv.h" 42 | 43 | #ifdef LIBSSH2_HAVE_ZLIB 44 | #include 45 | #undef compress /* dodge name clash with ZLIB macro */ 46 | #endif 47 | 48 | #include "comp.h" 49 | 50 | /* ******** 51 | * none * 52 | ******** */ 53 | 54 | /* 55 | * comp_method_none_comp 56 | * 57 | * Minimalist compression: Absolutely none 58 | */ 59 | static int 60 | comp_method_none_comp(LIBSSH2_SESSION *session, 61 | unsigned char *dest, 62 | size_t *dest_len, 63 | const unsigned char *src, 64 | size_t src_len, 65 | void **abstract) 66 | { 67 | (void)session; 68 | (void)abstract; 69 | (void)dest; 70 | (void)dest_len; 71 | (void)src; 72 | (void)src_len; 73 | 74 | return 0; 75 | } 76 | 77 | /* 78 | * comp_method_none_decomp 79 | * 80 | * Minimalist decompression: Absolutely none 81 | */ 82 | static int 83 | comp_method_none_decomp(LIBSSH2_SESSION * session, 84 | unsigned char **dest, 85 | size_t *dest_len, 86 | size_t payload_limit, 87 | const unsigned char *src, 88 | size_t src_len, void **abstract) 89 | { 90 | (void)session; 91 | (void)payload_limit; 92 | (void)abstract; 93 | *dest = (unsigned char *) src; 94 | *dest_len = src_len; 95 | return 0; 96 | } 97 | 98 | 99 | 100 | static const LIBSSH2_COMP_METHOD comp_method_none = { 101 | "none", 102 | 0, /* not really compressing */ 103 | 0, /* isn't used in userauth, go figure */ 104 | NULL, 105 | comp_method_none_comp, 106 | comp_method_none_decomp, 107 | NULL 108 | }; 109 | 110 | #ifdef LIBSSH2_HAVE_ZLIB 111 | /* ******** 112 | * zlib * 113 | ******** */ 114 | 115 | /* Memory management wrappers 116 | * Yes, I realize we're doing a callback to a callback, 117 | * Deal... 118 | */ 119 | 120 | static voidpf 121 | comp_method_zlib_alloc(voidpf opaque, uInt items, uInt size) 122 | { 123 | LIBSSH2_SESSION *session = (LIBSSH2_SESSION *) opaque; 124 | 125 | return (voidpf) LIBSSH2_ALLOC(session, items * size); 126 | } 127 | 128 | static void 129 | comp_method_zlib_free(voidpf opaque, voidpf address) 130 | { 131 | LIBSSH2_SESSION *session = (LIBSSH2_SESSION *) opaque; 132 | 133 | LIBSSH2_FREE(session, address); 134 | } 135 | 136 | 137 | 138 | /* libssh2_comp_method_zlib_init 139 | * All your bandwidth are belong to us (so save some) 140 | */ 141 | static int 142 | comp_method_zlib_init(LIBSSH2_SESSION * session, int compr, 143 | void **abstract) 144 | { 145 | z_stream *strm; 146 | int status; 147 | 148 | strm = LIBSSH2_CALLOC(session, sizeof(z_stream)); 149 | if(!strm) { 150 | return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 151 | "Unable to allocate memory for " 152 | "zlib compression/decompression"); 153 | } 154 | 155 | strm->opaque = (voidpf) session; 156 | strm->zalloc = (alloc_func) comp_method_zlib_alloc; 157 | strm->zfree = (free_func) comp_method_zlib_free; 158 | if(compr) { 159 | /* deflate */ 160 | status = deflateInit(strm, Z_DEFAULT_COMPRESSION); 161 | } 162 | else { 163 | /* inflate */ 164 | status = inflateInit(strm); 165 | } 166 | 167 | if(status != Z_OK) { 168 | LIBSSH2_FREE(session, strm); 169 | _libssh2_debug((session, LIBSSH2_TRACE_TRANS, 170 | "unhandled zlib error %d", status)); 171 | return LIBSSH2_ERROR_COMPRESS; 172 | } 173 | *abstract = strm; 174 | 175 | return LIBSSH2_ERROR_NONE; 176 | } 177 | 178 | /* 179 | * libssh2_comp_method_zlib_comp 180 | * 181 | * Compresses source to destination. Without allocation. 182 | */ 183 | static int 184 | comp_method_zlib_comp(LIBSSH2_SESSION *session, 185 | unsigned char *dest, 186 | 187 | /* dest_len is a pointer to allow this function to 188 | update it with the final actual size used */ 189 | size_t *dest_len, 190 | const unsigned char *src, 191 | size_t src_len, 192 | void **abstract) 193 | { 194 | z_stream *strm = *abstract; 195 | uInt out_maxlen = (uInt)*dest_len; 196 | int status; 197 | 198 | strm->next_in = (unsigned char *) src; 199 | strm->avail_in = (uInt)src_len; 200 | strm->next_out = dest; 201 | strm->avail_out = out_maxlen; 202 | 203 | status = deflate(strm, Z_PARTIAL_FLUSH); 204 | 205 | if((status == Z_OK) && (strm->avail_out > 0)) { 206 | *dest_len = out_maxlen - strm->avail_out; 207 | return 0; 208 | } 209 | 210 | _libssh2_debug((session, LIBSSH2_TRACE_TRANS, 211 | "unhandled zlib compression error %d, avail_out %u", 212 | status, strm->avail_out)); 213 | return _libssh2_error(session, LIBSSH2_ERROR_ZLIB, "compression failure"); 214 | } 215 | 216 | /* 217 | * libssh2_comp_method_zlib_decomp 218 | * 219 | * Decompresses source to destination. Allocates the output memory. 220 | */ 221 | static int 222 | comp_method_zlib_decomp(LIBSSH2_SESSION * session, 223 | unsigned char **dest, 224 | size_t *dest_len, 225 | size_t payload_limit, 226 | const unsigned char *src, 227 | size_t src_len, void **abstract) 228 | { 229 | z_stream *strm = *abstract; 230 | /* A short-term alloc of a full data chunk is better than a series of 231 | reallocs */ 232 | char *out; 233 | size_t out_maxlen; 234 | 235 | if(src_len <= SIZE_MAX / 4) 236 | out_maxlen = (uInt)src_len * 4; 237 | else 238 | out_maxlen = payload_limit; 239 | 240 | /* If strm is null, then we have not yet been initialized. */ 241 | if(!strm) 242 | return _libssh2_error(session, LIBSSH2_ERROR_COMPRESS, 243 | "decompression uninitialized"); 244 | 245 | /* In practice they never come smaller than this */ 246 | if(out_maxlen < 25) 247 | out_maxlen = 25; 248 | 249 | if(out_maxlen > payload_limit) 250 | out_maxlen = payload_limit; 251 | 252 | strm->next_in = (unsigned char *) src; 253 | strm->avail_in = (uInt)src_len; 254 | strm->next_out = (unsigned char *) LIBSSH2_ALLOC(session, 255 | (uInt)out_maxlen); 256 | out = (char *) strm->next_out; 257 | strm->avail_out = (uInt)out_maxlen; 258 | if(!strm->next_out) 259 | return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 260 | "Unable to allocate decompression buffer"); 261 | 262 | /* Loop until it's all inflated or hit error */ 263 | for(;;) { 264 | int status; 265 | size_t out_ofs; 266 | char *newout; 267 | 268 | status = inflate(strm, Z_PARTIAL_FLUSH); 269 | 270 | if(status == Z_OK) { 271 | if(strm->avail_out > 0) 272 | /* status is OK and the output buffer has not been exhausted 273 | so we're done */ 274 | break; 275 | } 276 | else if(status == Z_BUF_ERROR) { 277 | /* the input data has been exhausted so we are done */ 278 | break; 279 | } 280 | else { 281 | /* error state */ 282 | LIBSSH2_FREE(session, out); 283 | _libssh2_debug((session, LIBSSH2_TRACE_TRANS, 284 | "unhandled zlib error %d", status)); 285 | return _libssh2_error(session, LIBSSH2_ERROR_ZLIB, 286 | "decompression failure"); 287 | } 288 | 289 | if(out_maxlen > payload_limit || out_maxlen > SIZE_MAX / 2) { 290 | LIBSSH2_FREE(session, out); 291 | return _libssh2_error(session, LIBSSH2_ERROR_ZLIB, 292 | "Excessive growth in decompression phase"); 293 | } 294 | 295 | /* If we get here we need to grow the output buffer and try again */ 296 | out_ofs = out_maxlen - strm->avail_out; 297 | out_maxlen *= 2; 298 | newout = LIBSSH2_REALLOC(session, out, out_maxlen); 299 | if(!newout) { 300 | LIBSSH2_FREE(session, out); 301 | return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, 302 | "Unable to expand decompression buffer"); 303 | } 304 | out = newout; 305 | strm->next_out = (unsigned char *) out + out_ofs; 306 | strm->avail_out = (uInt)(out_maxlen - out_ofs); 307 | } 308 | 309 | *dest = (unsigned char *) out; 310 | *dest_len = out_maxlen - strm->avail_out; 311 | 312 | return 0; 313 | } 314 | 315 | 316 | /* libssh2_comp_method_zlib_dtor 317 | * All done, no more compression for you 318 | */ 319 | static int 320 | comp_method_zlib_dtor(LIBSSH2_SESSION *session, int compr, void **abstract) 321 | { 322 | z_stream *strm = *abstract; 323 | 324 | if(strm) { 325 | if(compr) 326 | deflateEnd(strm); 327 | else 328 | inflateEnd(strm); 329 | LIBSSH2_FREE(session, strm); 330 | } 331 | 332 | *abstract = NULL; 333 | return 0; 334 | } 335 | 336 | static const LIBSSH2_COMP_METHOD comp_method_zlib = { 337 | "zlib", 338 | 1, /* yes, this compresses */ 339 | 1, /* do compression during userauth */ 340 | comp_method_zlib_init, 341 | comp_method_zlib_comp, 342 | comp_method_zlib_decomp, 343 | comp_method_zlib_dtor, 344 | }; 345 | 346 | static const LIBSSH2_COMP_METHOD comp_method_zlib_openssh = { 347 | "zlib@openssh.com", 348 | 1, /* yes, this compresses */ 349 | 0, /* don't use compression during userauth */ 350 | comp_method_zlib_init, 351 | comp_method_zlib_comp, 352 | comp_method_zlib_decomp, 353 | comp_method_zlib_dtor, 354 | }; 355 | #endif /* LIBSSH2_HAVE_ZLIB */ 356 | 357 | /* If compression is enabled by the API, then this array is used which then 358 | may allow compression if zlib is available at build time */ 359 | static const LIBSSH2_COMP_METHOD *comp_methods[] = { 360 | #ifdef LIBSSH2_HAVE_ZLIB 361 | &comp_method_zlib, 362 | &comp_method_zlib_openssh, 363 | #endif /* LIBSSH2_HAVE_ZLIB */ 364 | &comp_method_none, 365 | NULL 366 | }; 367 | 368 | /* If compression is disabled by the API, then this array is used */ 369 | static const LIBSSH2_COMP_METHOD *no_comp_methods[] = { 370 | &comp_method_none, 371 | NULL 372 | }; 373 | 374 | const LIBSSH2_COMP_METHOD ** 375 | _libssh2_comp_methods(LIBSSH2_SESSION *session) 376 | { 377 | if(session->flag.compress) 378 | return comp_methods; 379 | else 380 | return no_comp_methods; 381 | } 382 | -------------------------------------------------------------------------------- /Sources/CSSH2/agent_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) Daiki Ueno 3 | * Copyright (C) Daniel Stenberg 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, 7 | * with or without modification, are permitted provided 8 | * that the following conditions are met: 9 | * 10 | * Redistributions of source code must retain the above 11 | * copyright notice, this list of conditions and the 12 | * following disclaimer. 13 | * 14 | * Redistributions in binary form must reproduce the above 15 | * copyright notice, this list of conditions and the following 16 | * disclaimer in the documentation and/or other materials 17 | * provided with the distribution. 18 | * 19 | * Neither the name of the copyright holder nor the names 20 | * of any other contributors may be used to endorse or 21 | * promote products derived from this software without 22 | * specific prior written permission. 23 | * 24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 25 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 26 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 29 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 31 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 32 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 34 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 35 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 36 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 37 | * OF SUCH DAMAGE. 38 | * 39 | * SPDX-License-Identifier: BSD-3-Clause AND BSD-2-Clause 40 | */ 41 | 42 | #ifdef HAVE_WIN32_AGENTS /* Compile this via agent.c */ 43 | 44 | #include /* for getenv() */ 45 | 46 | /* Code to talk to OpenSSH was taken and modified from the Win32 port of 47 | * Portable OpenSSH by the PowerShell team. Commit 48 | * 8ab565c53f3619d6a1f5ac229e212cad8a52852c of 49 | * https://github.com/PowerShell/openssh-portable.git was used as the base, 50 | * specifically the following files: 51 | * 52 | * - contrib\win32\win32compat\fileio.c 53 | * - Structure of agent_connect_openssh from ssh_get_authentication_socket 54 | * - Structure of agent_transact_openssh from ssh_request_reply 55 | * - contrib\win32\win32compat\wmain_common.c 56 | * - Windows equivalent functions for common Unix functions, inlined into 57 | * this implementation 58 | * - fileio_connect replacing connect 59 | * - fileio_read replacing read 60 | * - fileio_write replacing write 61 | * - fileio_close replacing close 62 | * 63 | * Author: Tatu Ylonen 64 | * Copyright (C) 1995 Tatu Ylonen , Espoo, Finland 65 | * All rights reserved 66 | * Functions for connecting the local authentication agent. 67 | * 68 | * As far as I am concerned, the code I have written for this software 69 | * can be used freely for any purpose. Any derived versions of this 70 | * software must be clearly marked as such, and if the derived work is 71 | * incompatible with the protocol description in the RFC file, it must be 72 | * called by a name other than "ssh" or "Secure Shell". 73 | * 74 | * SSH2 implementation, 75 | * Copyright (C) 2000 Markus Friedl. All rights reserved. 76 | * 77 | * Redistribution and use in source and binary forms, with or without 78 | * modification, are permitted provided that the following conditions 79 | * are met: 80 | * 1. Redistributions of source code must retain the above copyright 81 | * notice, this list of conditions and the following disclaimer. 82 | * 2. Redistributions in binary form must reproduce the above copyright 83 | * notice, this list of conditions and the following disclaimer in the 84 | * documentation and/or other materials provided with the distribution. 85 | * 86 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 87 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 88 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 89 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 90 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 91 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 92 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 93 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 94 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 95 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 96 | * 97 | * Copyright (C) 2015 Microsoft Corp. 98 | * All rights reserved 99 | * 100 | * Microsoft openssh win32 port 101 | * 102 | * Redistribution and use in source and binary forms, with or without 103 | * modification, are permitted provided that the following conditions 104 | * are met: 105 | * 106 | * 1. Redistributions of source code must retain the above copyright 107 | * notice, this list of conditions and the following disclaimer. 108 | * 2. Redistributions in binary form must reproduce the above copyright 109 | * notice, this list of conditions and the following disclaimer in the 110 | * documentation and/or other materials provided with the distribution. 111 | * 112 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 113 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 114 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 115 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 116 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 117 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 118 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 119 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 120 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 121 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 122 | */ 123 | 124 | #define WIN32_OPENSSH_AGENT_SOCK "\\\\.\\pipe\\openssh-ssh-agent" 125 | 126 | static int 127 | agent_connect_openssh(LIBSSH2_AGENT *agent) 128 | { 129 | int ret = LIBSSH2_ERROR_NONE; 130 | const char *path; 131 | HANDLE pipe = INVALID_HANDLE_VALUE; 132 | HANDLE event = NULL; 133 | 134 | path = agent->identity_agent_path; 135 | if(!path) { 136 | path = getenv("SSH_AUTH_SOCK"); 137 | if(!path) 138 | path = WIN32_OPENSSH_AGENT_SOCK; 139 | } 140 | 141 | for(;;) { 142 | pipe = CreateFileA( 143 | path, 144 | GENERIC_READ | GENERIC_WRITE, 145 | 0, 146 | NULL, 147 | OPEN_EXISTING, 148 | /* Non-blocking mode for agent connections is not implemented at 149 | * the point this was implemented. The code for Win32 OpenSSH 150 | * should support non-blocking IO, but the code calling it doesn't 151 | * support it as of yet. 152 | * When non-blocking IO is implemented for the surrounding code, 153 | * uncomment the following line to enable support within the Win32 154 | * OpenSSH code. 155 | */ 156 | /* FILE_FLAG_OVERLAPPED | */ 157 | SECURITY_SQOS_PRESENT | 158 | SECURITY_IDENTIFICATION, 159 | NULL 160 | ); 161 | 162 | if(pipe != INVALID_HANDLE_VALUE) 163 | break; 164 | if(GetLastError() != ERROR_PIPE_BUSY) 165 | break; 166 | 167 | /* Wait up to 1 second for a pipe instance to become available */ 168 | if(!WaitNamedPipeA(path, 1000)) 169 | break; 170 | } 171 | 172 | if(pipe == INVALID_HANDLE_VALUE) { 173 | ret = _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL, 174 | "unable to connect to agent pipe"); 175 | goto cleanup; 176 | } 177 | 178 | if(SetHandleInformation(pipe, HANDLE_FLAG_INHERIT, 0) == FALSE) { 179 | ret = _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL, 180 | "unable to set handle information of agent pipe"); 181 | goto cleanup; 182 | } 183 | 184 | event = CreateEventA(NULL, TRUE, FALSE, NULL); 185 | if(!event) { 186 | ret = _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL, 187 | "unable to create async I/O event"); 188 | goto cleanup; 189 | } 190 | 191 | agent->pipe = pipe; 192 | pipe = INVALID_HANDLE_VALUE; 193 | agent->overlapped.hEvent = event; 194 | event = NULL; 195 | agent->fd = 0; /* Mark as the connection has been established */ 196 | 197 | cleanup: 198 | if(event) 199 | CloseHandle(event); 200 | if(pipe != INVALID_HANDLE_VALUE) 201 | CloseHandle(pipe); 202 | return ret; 203 | } 204 | 205 | #define RECV_SEND_ALL(func, agent, buffer, length, total) \ 206 | DWORD bytes_transfered; \ 207 | BOOL ret; \ 208 | DWORD err; \ 209 | int rc; \ 210 | \ 211 | while(*total < length) { \ 212 | if(!agent->pending_io) \ 213 | ret = func(agent->pipe, (char *)buffer + *total, \ 214 | (DWORD)(length - *total), &bytes_transfered, \ 215 | &agent->overlapped); \ 216 | else \ 217 | ret = GetOverlappedResult(agent->pipe, &agent->overlapped, \ 218 | &bytes_transfered, FALSE); \ 219 | \ 220 | *total += bytes_transfered; \ 221 | if(!ret) { \ 222 | err = GetLastError(); \ 223 | if((!agent->pending_io && ERROR_IO_PENDING == err) \ 224 | || (agent->pending_io && ERROR_IO_INCOMPLETE == err)) { \ 225 | agent->pending_io = TRUE; \ 226 | return LIBSSH2_ERROR_EAGAIN; \ 227 | } \ 228 | \ 229 | return LIBSSH2_ERROR_SOCKET_NONE; \ 230 | } \ 231 | agent->pending_io = FALSE; \ 232 | } \ 233 | \ 234 | rc = (int)*total; \ 235 | *total = 0; \ 236 | return rc; 237 | 238 | static int 239 | win32_openssh_send_all(LIBSSH2_AGENT *agent, void *buffer, size_t length, 240 | size_t *send_recv_total) 241 | { 242 | RECV_SEND_ALL(WriteFile, agent, buffer, length, send_recv_total) 243 | } 244 | 245 | static int 246 | win32_openssh_recv_all(LIBSSH2_AGENT *agent, void *buffer, size_t length, 247 | size_t *send_recv_total) 248 | { 249 | RECV_SEND_ALL(ReadFile, agent, buffer, length, send_recv_total) 250 | } 251 | 252 | #undef RECV_SEND_ALL 253 | 254 | static int 255 | agent_transact_openssh(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx) 256 | { 257 | unsigned char buf[4]; 258 | int rc; 259 | 260 | /* Send the length of the request */ 261 | if(transctx->state == agent_NB_state_request_created) { 262 | _libssh2_htonu32(buf, (uint32_t)transctx->request_len); 263 | rc = win32_openssh_send_all(agent, buf, sizeof(buf), 264 | &transctx->send_recv_total); 265 | if(rc == LIBSSH2_ERROR_EAGAIN) 266 | return LIBSSH2_ERROR_EAGAIN; 267 | else if(rc < 0) 268 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND, 269 | "agent send failed"); 270 | transctx->state = agent_NB_state_request_length_sent; 271 | } 272 | 273 | /* Send the request body */ 274 | if(transctx->state == agent_NB_state_request_length_sent) { 275 | rc = win32_openssh_send_all(agent, transctx->request, 276 | transctx->request_len, 277 | &transctx->send_recv_total); 278 | if(rc == LIBSSH2_ERROR_EAGAIN) 279 | return LIBSSH2_ERROR_EAGAIN; 280 | else if(rc < 0) 281 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND, 282 | "agent send failed"); 283 | transctx->state = agent_NB_state_request_sent; 284 | } 285 | 286 | /* Receive the length of the body */ 287 | if(transctx->state == agent_NB_state_request_sent) { 288 | rc = win32_openssh_recv_all(agent, buf, sizeof(buf), 289 | &transctx->send_recv_total); 290 | if(rc == LIBSSH2_ERROR_EAGAIN) 291 | return LIBSSH2_ERROR_EAGAIN; 292 | else if(rc < 0) 293 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_RECV, 294 | "agent recv failed"); 295 | 296 | transctx->response_len = _libssh2_ntohu32(buf); 297 | transctx->response = LIBSSH2_ALLOC(agent->session, 298 | transctx->response_len); 299 | if(!transctx->response) 300 | return LIBSSH2_ERROR_ALLOC; 301 | 302 | transctx->state = agent_NB_state_response_length_received; 303 | } 304 | 305 | /* Receive the response body */ 306 | if(transctx->state == agent_NB_state_response_length_received) { 307 | rc = win32_openssh_recv_all(agent, transctx->response, 308 | transctx->response_len, 309 | &transctx->send_recv_total); 310 | if(rc == LIBSSH2_ERROR_EAGAIN) 311 | return LIBSSH2_ERROR_EAGAIN; 312 | else if(rc < 0) 313 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_RECV, 314 | "agent recv failed"); 315 | transctx->state = agent_NB_state_response_received; 316 | } 317 | 318 | return LIBSSH2_ERROR_NONE; 319 | } 320 | 321 | static int 322 | agent_disconnect_openssh(LIBSSH2_AGENT *agent) 323 | { 324 | if(!CancelIo(agent->pipe)) 325 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT, 326 | "failed to cancel pending IO of agent pipe"); 327 | if(!CloseHandle(agent->overlapped.hEvent)) 328 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT, 329 | "failed to close handle to async I/O event"); 330 | agent->overlapped.hEvent = NULL; 331 | /* let queued APCs (if any) drain */ 332 | SleepEx(0, TRUE); 333 | if(!CloseHandle(agent->pipe)) 334 | return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT, 335 | "failed to close handle to agent pipe"); 336 | 337 | agent->pipe = INVALID_HANDLE_VALUE; 338 | agent->fd = LIBSSH2_INVALID_SOCKET; 339 | 340 | return LIBSSH2_ERROR_NONE; 341 | } 342 | 343 | static struct agent_ops agent_ops_openssh = { 344 | agent_connect_openssh, 345 | agent_transact_openssh, 346 | agent_disconnect_openssh 347 | }; 348 | 349 | #endif /* HAVE_WIN32_AGENTS */ 350 | -------------------------------------------------------------------------------- /Sources/CSSH2/openssl.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_OPENSSL_H 2 | #define LIBSSH2_OPENSSL_H 3 | /* Copyright (C) Simon Josefsson 4 | * Copyright (C) The Written Word, Inc. 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, 8 | * with or without modification, are permitted provided 9 | * that the following conditions are met: 10 | * 11 | * Redistributions of source code must retain the above 12 | * copyright notice, this list of conditions and the 13 | * following disclaimer. 14 | * 15 | * Redistributions in binary form must reproduce the above 16 | * copyright notice, this list of conditions and the following 17 | * disclaimer in the documentation and/or other materials 18 | * provided with the distribution. 19 | * 20 | * Neither the name of the copyright holder nor the names 21 | * of any other contributors may be used to endorse or 22 | * promote products derived from this software without 23 | * specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 26 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 27 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 30 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 31 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 32 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 33 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 35 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 37 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 38 | * OF SUCH DAMAGE. 39 | * 40 | * SPDX-License-Identifier: BSD-3-Clause 41 | */ 42 | 43 | #define LIBSSH2_CRYPTO_ENGINE libssh2_openssl 44 | 45 | /* disable deprecated warnings in OpenSSL 3 */ 46 | #define OPENSSL_SUPPRESS_DEPRECATED 47 | 48 | #ifdef LIBSSH2_WOLFSSL 49 | 50 | #include 51 | #include 52 | 53 | #if defined(NO_DSA) || defined(HAVE_FIPS) 54 | #define OPENSSL_NO_DSA 55 | #endif 56 | 57 | #if defined(NO_MD5) || defined(HAVE_FIPS) 58 | #define OPENSSL_NO_MD5 59 | #endif 60 | 61 | #if !defined(WOLFSSL_RIPEMD) || defined(HAVE_FIPS) 62 | #define OPENSSL_NO_RIPEMD 63 | #endif 64 | 65 | #if defined(NO_RC4) || defined(HAVE_FIPS) 66 | #define OPENSSL_NO_RC4 67 | #endif 68 | 69 | #ifdef NO_DES3 70 | #define OPENSSL_NO_DES 71 | #endif 72 | 73 | /* wolfSSL doesn't support Blowfish or CAST. */ 74 | #define OPENSSL_NO_BF 75 | #define OPENSSL_NO_CAST 76 | /* wolfSSL has no engine framework. */ 77 | #define OPENSSL_NO_ENGINE 78 | 79 | #include 80 | #include 81 | #include 82 | #ifndef OPENSSL_NO_DSA 83 | #include 84 | #endif 85 | #ifndef OPENSSL_NO_MD5 86 | #include 87 | #endif 88 | #include 89 | #include 90 | #include 91 | #include 92 | #include 93 | #include 94 | 95 | #else /* !LIBSSH2_WOLFSSL */ 96 | 97 | #include 98 | #include 99 | #include 100 | #ifndef OPENSSL_NO_ENGINE 101 | #include 102 | #endif 103 | #ifndef OPENSSL_NO_DSA 104 | #include 105 | #endif 106 | #ifndef OPENSSL_NO_MD5 107 | #include 108 | #endif 109 | #include 110 | #include 111 | #include 112 | #include 113 | #include 114 | #include 115 | 116 | #if OPENSSL_VERSION_NUMBER >= 0x30000000L 117 | #define USE_OPENSSL_3 1 118 | #include 119 | #endif 120 | 121 | #endif /* LIBSSH2_WOLFSSL */ 122 | 123 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L && \ 124 | !defined(LIBRESSL_VERSION_NUMBER)) || defined(LIBSSH2_WOLFSSL) || \ 125 | (defined(LIBRESSL_VERSION_NUMBER) && \ 126 | LIBRESSL_VERSION_NUMBER >= 0x3050000fL) 127 | /* For wolfSSL, whether the structs are truly opaque or not, it's best to not 128 | * rely on their internal data members being exposed publicly. */ 129 | # define HAVE_OPAQUE_STRUCTS 1 130 | #endif 131 | 132 | #ifdef OPENSSL_NO_RSA 133 | # define LIBSSH2_RSA 0 134 | # define LIBSSH2_RSA_SHA1 0 135 | # define LIBSSH2_RSA_SHA2 0 136 | #else 137 | # define LIBSSH2_RSA 1 138 | # define LIBSSH2_RSA_SHA1 1 139 | # define LIBSSH2_RSA_SHA2 1 140 | #endif 141 | 142 | #ifdef OPENSSL_NO_DSA 143 | # define LIBSSH2_DSA 0 144 | #else 145 | # define LIBSSH2_DSA 1 146 | #endif 147 | 148 | #if defined(OPENSSL_NO_ECDSA) || defined(OPENSSL_NO_EC) 149 | # define LIBSSH2_ECDSA 0 150 | #else 151 | # define LIBSSH2_ECDSA 1 152 | #endif 153 | 154 | #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \ 155 | !defined(LIBRESSL_VERSION_NUMBER)) || \ 156 | (defined(LIBRESSL_VERSION_NUMBER) && \ 157 | LIBRESSL_VERSION_NUMBER >= 0x3070000fL) 158 | # define LIBSSH2_ED25519 1 159 | #else 160 | # define LIBSSH2_ED25519 0 161 | #endif 162 | 163 | 164 | #ifdef OPENSSL_NO_MD5 165 | # define LIBSSH2_MD5 0 166 | #else 167 | # define LIBSSH2_MD5 1 168 | #endif 169 | 170 | #if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160) 171 | # define LIBSSH2_HMAC_RIPEMD 0 172 | #else 173 | # define LIBSSH2_HMAC_RIPEMD 1 174 | #endif 175 | 176 | #define LIBSSH2_HMAC_SHA256 1 177 | #define LIBSSH2_HMAC_SHA512 1 178 | 179 | #if (OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)) || \ 180 | (defined(LIBSSH2_WOLFSSL) && defined(WOLFSSL_AES_COUNTER)) 181 | # define LIBSSH2_AES_CTR 1 182 | # define LIBSSH2_AES_CBC 1 183 | #else 184 | # define LIBSSH2_AES_CTR 0 185 | # define LIBSSH2_AES_CBC 0 186 | #endif 187 | 188 | /* wolfSSL v5.4.0 is required due to possibly this bug: 189 | https://github.com/wolfSSL/wolfssl/pull/5205 190 | Before this release, all libssh2 tests crash with AES-GCM enabled */ 191 | #if (OPENSSL_VERSION_NUMBER >= 0x01010100fL && !defined(OPENSSL_NO_AES)) || \ 192 | (defined(LIBSSH2_WOLFSSL) && LIBWOLFSSL_VERSION_HEX >= 0x05004000 && \ 193 | defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)) 194 | # define LIBSSH2_AES_GCM 1 195 | #else 196 | # define LIBSSH2_AES_GCM 0 197 | #endif 198 | 199 | #ifdef OPENSSL_NO_BF 200 | # define LIBSSH2_BLOWFISH 0 201 | #else 202 | # define LIBSSH2_BLOWFISH 1 203 | #endif 204 | 205 | #ifdef OPENSSL_NO_RC4 206 | # define LIBSSH2_RC4 0 207 | #else 208 | # define LIBSSH2_RC4 1 209 | #endif 210 | 211 | #ifdef OPENSSL_NO_CAST 212 | # define LIBSSH2_CAST 0 213 | #else 214 | # define LIBSSH2_CAST 1 215 | #endif 216 | 217 | #ifdef OPENSSL_NO_DES 218 | # define LIBSSH2_3DES 0 219 | #else 220 | # define LIBSSH2_3DES 1 221 | #endif 222 | 223 | #include "crypto_config.h" 224 | 225 | #define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1) 226 | 227 | #define _libssh2_random(buf, len) \ 228 | _libssh2_openssl_random((buf), (len)) 229 | 230 | #define libssh2_prepare_iovec(vec, len) /* Empty. */ 231 | 232 | #ifdef HAVE_OPAQUE_STRUCTS 233 | #define libssh2_sha1_ctx EVP_MD_CTX * 234 | #else 235 | #define libssh2_sha1_ctx EVP_MD_CTX 236 | #endif 237 | 238 | /* returns 0 in case of failure */ 239 | int _libssh2_sha1_init(libssh2_sha1_ctx *ctx); 240 | int _libssh2_sha1_update(libssh2_sha1_ctx *ctx, 241 | const void *data, size_t len); 242 | int _libssh2_sha1_final(libssh2_sha1_ctx *ctx, unsigned char *out); 243 | int _libssh2_sha1(const unsigned char *message, size_t len, 244 | unsigned char *out); 245 | #define libssh2_sha1_init(x) _libssh2_sha1_init(x) 246 | #define libssh2_sha1_update(ctx, data, len) \ 247 | _libssh2_sha1_update(&(ctx), data, len) 248 | #define libssh2_sha1_final(ctx, out) _libssh2_sha1_final(&(ctx), out) 249 | #define libssh2_sha1(x,y,z) _libssh2_sha1(x,y,z) 250 | 251 | #ifdef HAVE_OPAQUE_STRUCTS 252 | #define libssh2_sha256_ctx EVP_MD_CTX * 253 | #else 254 | #define libssh2_sha256_ctx EVP_MD_CTX 255 | #endif 256 | 257 | /* returns 0 in case of failure */ 258 | int _libssh2_sha256_init(libssh2_sha256_ctx *ctx); 259 | int _libssh2_sha256_update(libssh2_sha256_ctx *ctx, 260 | const void *data, size_t len); 261 | int _libssh2_sha256_final(libssh2_sha256_ctx *ctx, unsigned char *out); 262 | int _libssh2_sha256(const unsigned char *message, size_t len, 263 | unsigned char *out); 264 | #define libssh2_sha256_init(x) _libssh2_sha256_init(x) 265 | #define libssh2_sha256_update(ctx, data, len) \ 266 | _libssh2_sha256_update(&(ctx), data, len) 267 | #define libssh2_sha256_final(ctx, out) _libssh2_sha256_final(&(ctx), out) 268 | #define libssh2_sha256(x,y,z) _libssh2_sha256(x,y,z) 269 | 270 | #ifdef HAVE_OPAQUE_STRUCTS 271 | #define libssh2_sha384_ctx EVP_MD_CTX * 272 | #else 273 | #define libssh2_sha384_ctx EVP_MD_CTX 274 | #endif 275 | 276 | /* returns 0 in case of failure */ 277 | int _libssh2_sha384_init(libssh2_sha384_ctx *ctx); 278 | int _libssh2_sha384_update(libssh2_sha384_ctx *ctx, 279 | const void *data, size_t len); 280 | int _libssh2_sha384_final(libssh2_sha384_ctx *ctx, unsigned char *out); 281 | int _libssh2_sha384(const unsigned char *message, size_t len, 282 | unsigned char *out); 283 | #define libssh2_sha384_init(x) _libssh2_sha384_init(x) 284 | #define libssh2_sha384_update(ctx, data, len) \ 285 | _libssh2_sha384_update(&(ctx), data, len) 286 | #define libssh2_sha384_final(ctx, out) _libssh2_sha384_final(&(ctx), out) 287 | #define libssh2_sha384(x,y,z) _libssh2_sha384(x,y,z) 288 | 289 | #ifdef HAVE_OPAQUE_STRUCTS 290 | #define libssh2_sha512_ctx EVP_MD_CTX * 291 | #else 292 | #define libssh2_sha512_ctx EVP_MD_CTX 293 | #endif 294 | 295 | /* returns 0 in case of failure */ 296 | int _libssh2_sha512_init(libssh2_sha512_ctx *ctx); 297 | int _libssh2_sha512_update(libssh2_sha512_ctx *ctx, 298 | const void *data, size_t len); 299 | int _libssh2_sha512_final(libssh2_sha512_ctx *ctx, unsigned char *out); 300 | int _libssh2_sha512(const unsigned char *message, size_t len, 301 | unsigned char *out); 302 | #define libssh2_sha512_init(x) _libssh2_sha512_init(x) 303 | #define libssh2_sha512_update(ctx, data, len) \ 304 | _libssh2_sha512_update(&(ctx), data, len) 305 | #define libssh2_sha512_final(ctx, out) _libssh2_sha512_final(&(ctx), out) 306 | #define libssh2_sha512(x,y,z) _libssh2_sha512(x,y,z) 307 | 308 | #if LIBSSH2_MD5 || LIBSSH2_MD5_PEM 309 | #ifdef HAVE_OPAQUE_STRUCTS 310 | #define libssh2_md5_ctx EVP_MD_CTX * 311 | #else 312 | #define libssh2_md5_ctx EVP_MD_CTX 313 | #endif 314 | 315 | /* returns 0 in case of failure */ 316 | int _libssh2_md5_init(libssh2_md5_ctx *ctx); 317 | int _libssh2_md5_update(libssh2_md5_ctx *ctx, 318 | const void *data, size_t len); 319 | int _libssh2_md5_final(libssh2_md5_ctx *ctx, unsigned char *out); 320 | #define libssh2_md5_init(x) _libssh2_md5_init(x) 321 | #define libssh2_md5_update(ctx, data, len) \ 322 | _libssh2_md5_update(&(ctx), data, len) 323 | #define libssh2_md5_final(ctx, out) _libssh2_md5_final(&(ctx), out) 324 | #endif /* LIBSSH2_MD5 || LIBSSH2_MD5_PEM */ 325 | 326 | #ifdef USE_OPENSSL_3 327 | #define libssh2_hmac_ctx EVP_MAC_CTX * 328 | #elif defined(HAVE_OPAQUE_STRUCTS) 329 | #define libssh2_hmac_ctx HMAC_CTX * 330 | #else /* !HAVE_OPAQUE_STRUCTS */ 331 | #define libssh2_hmac_ctx HMAC_CTX 332 | #endif /* USE_OPENSSL_3 */ 333 | 334 | extern void _libssh2_openssl_crypto_init(void); 335 | extern void _libssh2_openssl_crypto_exit(void); 336 | #define libssh2_crypto_init() _libssh2_openssl_crypto_init() 337 | #define libssh2_crypto_exit() _libssh2_openssl_crypto_exit() 338 | 339 | #if LIBSSH2_RSA 340 | 341 | #ifdef USE_OPENSSL_3 342 | #define libssh2_rsa_ctx EVP_PKEY 343 | #define _libssh2_rsa_free(rsactx) EVP_PKEY_free(rsactx) 344 | #else 345 | #define libssh2_rsa_ctx RSA 346 | #define _libssh2_rsa_free(rsactx) RSA_free(rsactx) 347 | #endif 348 | 349 | #endif /* LIBSSH2_RSA */ 350 | 351 | #if LIBSSH2_DSA 352 | 353 | #ifdef USE_OPENSSL_3 354 | #define libssh2_dsa_ctx EVP_PKEY 355 | #define _libssh2_dsa_free(rsactx) EVP_PKEY_free(rsactx) 356 | #else 357 | #define libssh2_dsa_ctx DSA 358 | #define _libssh2_dsa_free(dsactx) DSA_free(dsactx) 359 | #endif 360 | 361 | #endif /* LIBSSH2_DSA */ 362 | 363 | #if LIBSSH2_ECDSA 364 | 365 | #ifdef USE_OPENSSL_3 366 | #define libssh2_ecdsa_ctx EVP_PKEY 367 | #define _libssh2_ecdsa_free(ecdsactx) EVP_PKEY_free(ecdsactx) 368 | #define _libssh2_ec_key EVP_PKEY 369 | #else 370 | #define libssh2_ecdsa_ctx EC_KEY 371 | #define _libssh2_ecdsa_free(ecdsactx) EC_KEY_free(ecdsactx) 372 | #define _libssh2_ec_key EC_KEY 373 | #endif 374 | 375 | typedef enum { 376 | LIBSSH2_EC_CURVE_NISTP256 = NID_X9_62_prime256v1, 377 | LIBSSH2_EC_CURVE_NISTP384 = NID_secp384r1, 378 | LIBSSH2_EC_CURVE_NISTP521 = NID_secp521r1 379 | } 380 | libssh2_curve_type; 381 | #else /* !LIBSSH2_ECDSA */ 382 | #define _libssh2_ec_key void 383 | #endif /* LIBSSH2_ECDSA */ 384 | 385 | #if LIBSSH2_ED25519 386 | #define libssh2_ed25519_ctx EVP_PKEY 387 | #define _libssh2_ed25519_free(ctx) EVP_PKEY_free(ctx) 388 | #endif /* LIBSSH2_ED25519 */ 389 | 390 | #define _libssh2_cipher_type(name) const EVP_CIPHER *(*name)(void) 391 | #ifdef HAVE_OPAQUE_STRUCTS 392 | #define _libssh2_cipher_ctx EVP_CIPHER_CTX * 393 | #else 394 | #define _libssh2_cipher_ctx EVP_CIPHER_CTX 395 | #endif 396 | 397 | #define _libssh2_cipher_aes256gcm EVP_aes_256_gcm 398 | #define _libssh2_cipher_aes128gcm EVP_aes_128_gcm 399 | 400 | #define _libssh2_cipher_aes256 EVP_aes_256_cbc 401 | #define _libssh2_cipher_aes192 EVP_aes_192_cbc 402 | #define _libssh2_cipher_aes128 EVP_aes_128_cbc 403 | #define _libssh2_cipher_aes128ctr EVP_aes_128_ctr 404 | #define _libssh2_cipher_aes192ctr EVP_aes_192_ctr 405 | #define _libssh2_cipher_aes256ctr EVP_aes_256_ctr 406 | #define _libssh2_cipher_blowfish EVP_bf_cbc 407 | #define _libssh2_cipher_arcfour EVP_rc4 408 | #define _libssh2_cipher_cast5 EVP_cast5_cbc 409 | #define _libssh2_cipher_3des EVP_des_ede3_cbc 410 | #define _libssh2_cipher_chacha20 NULL 411 | 412 | #ifdef HAVE_OPAQUE_STRUCTS 413 | #define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_free(*(ctx)) 414 | #else 415 | #define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_cleanup(ctx) 416 | #endif 417 | 418 | #define _libssh2_bn BIGNUM 419 | #define _libssh2_bn_ctx BN_CTX 420 | #define _libssh2_bn_ctx_new() BN_CTX_new() 421 | #define _libssh2_bn_ctx_free(bnctx) BN_CTX_free(bnctx) 422 | #define _libssh2_bn_init() BN_new() 423 | #define _libssh2_bn_init_from_bin() _libssh2_bn_init() 424 | #define _libssh2_bn_set_word(bn, val) !BN_set_word(bn, val) 425 | extern int _libssh2_bn_from_bin(_libssh2_bn *bn, size_t len, 426 | const unsigned char *v); 427 | #define _libssh2_bn_to_bin(bn, val) (BN_bn2bin(bn, val) <= 0) 428 | #define _libssh2_bn_bytes(bn) BN_num_bytes(bn) 429 | #define _libssh2_bn_bits(bn) BN_num_bits(bn) 430 | #define _libssh2_bn_free(bn) BN_clear_free(bn) 431 | 432 | /* Default generate and safe prime sizes for 433 | diffie-hellman-group-exchange-sha1 */ 434 | #define LIBSSH2_DH_GEX_MINGROUP 2048 435 | #define LIBSSH2_DH_GEX_OPTGROUP 4096 436 | #define LIBSSH2_DH_GEX_MAXGROUP 8192 437 | 438 | #define LIBSSH2_DH_MAX_MODULUS_BITS 16384 439 | 440 | #define _libssh2_dh_ctx BIGNUM * 441 | #define libssh2_dh_init(dhctx) _libssh2_dh_init(dhctx) 442 | #define libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx) \ 443 | _libssh2_dh_key_pair(dhctx, public, g, p, group_order, bnctx) 444 | #define libssh2_dh_secret(dhctx, secret, f, p, bnctx) \ 445 | _libssh2_dh_secret(dhctx, secret, f, p, bnctx) 446 | #define libssh2_dh_dtor(dhctx) _libssh2_dh_dtor(dhctx) 447 | extern void _libssh2_dh_init(_libssh2_dh_ctx *dhctx); 448 | extern int _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public, 449 | _libssh2_bn *g, _libssh2_bn *p, 450 | int group_order, 451 | _libssh2_bn_ctx *bnctx); 452 | extern int _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret, 453 | _libssh2_bn *f, _libssh2_bn *p, 454 | _libssh2_bn_ctx *bnctx); 455 | extern void _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx); 456 | 457 | extern int _libssh2_openssl_random(void *buf, size_t len); 458 | 459 | const EVP_CIPHER *_libssh2_EVP_aes_128_ctr(void); 460 | const EVP_CIPHER *_libssh2_EVP_aes_192_ctr(void); 461 | const EVP_CIPHER *_libssh2_EVP_aes_256_ctr(void); 462 | 463 | #endif /* LIBSSH2_OPENSSL_H */ 464 | -------------------------------------------------------------------------------- /Sources/CSSH2/crypto.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBSSH2_CRYPTO_H 2 | #define LIBSSH2_CRYPTO_H 3 | /* Copyright (C) Simon Josefsson 4 | * Copyright (C) The Written Word, Inc. 5 | * Copyright (C) Daniel Stenberg 6 | * All rights reserved. 7 | * 8 | * Redistribution and use in source and binary forms, 9 | * with or without modification, are permitted provided 10 | * that the following conditions are met: 11 | * 12 | * Redistributions of source code must retain the above 13 | * copyright notice, this list of conditions and the 14 | * following disclaimer. 15 | * 16 | * Redistributions in binary form must reproduce the above 17 | * copyright notice, this list of conditions and the following 18 | * disclaimer in the documentation and/or other materials 19 | * provided with the distribution. 20 | * 21 | * Neither the name of the copyright holder nor the names 22 | * of any other contributors may be used to endorse or 23 | * promote products derived from this software without 24 | * specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 27 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 28 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 31 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 32 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 34 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 35 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 36 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 37 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 38 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 39 | * OF SUCH DAMAGE. 40 | * 41 | * SPDX-License-Identifier: BSD-3-Clause 42 | */ 43 | 44 | #if defined(LIBSSH2_OPENSSL) || defined(LIBSSH2_WOLFSSL) 45 | #include "openssl.h" 46 | #elif defined(LIBSSH2_LIBGCRYPT) 47 | #include "libgcrypt.h" 48 | #elif defined(LIBSSH2_MBEDTLS) 49 | #include "mbedtls.h" 50 | #elif defined(LIBSSH2_OS400QC3) 51 | #include "os400qc3.h" 52 | #elif defined(LIBSSH2_WINCNG) 53 | #include "wincng.h" 54 | #else 55 | #error "no cryptography backend selected" 56 | #endif 57 | 58 | /* return: success = 1, error = 0 */ 59 | int _libssh2_hmac_ctx_init(libssh2_hmac_ctx *ctx); 60 | #if LIBSSH2_MD5 61 | int _libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx, 62 | void *key, size_t keylen); 63 | #endif 64 | #if LIBSSH2_HMAC_RIPEMD 65 | int _libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx, 66 | void *key, size_t keylen); 67 | #endif 68 | int _libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx, 69 | void *key, size_t keylen); 70 | int _libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx, 71 | void *key, size_t keylen); 72 | int _libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx, 73 | void *key, size_t keylen); 74 | int _libssh2_hmac_update(libssh2_hmac_ctx *ctx, 75 | const void *data, size_t datalen); 76 | int _libssh2_hmac_final(libssh2_hmac_ctx *ctx, void *data); 77 | void _libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx); 78 | 79 | #define LIBSSH2_ED25519_KEY_LEN 32 80 | #define LIBSSH2_ED25519_PRIVATE_KEY_LEN 64 81 | #define LIBSSH2_ED25519_SIG_LEN 64 82 | 83 | #if LIBSSH2_RSA 84 | int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, 85 | const unsigned char *edata, 86 | unsigned long elen, 87 | const unsigned char *ndata, 88 | unsigned long nlen, 89 | const unsigned char *ddata, 90 | unsigned long dlen, 91 | const unsigned char *pdata, 92 | unsigned long plen, 93 | const unsigned char *qdata, 94 | unsigned long qlen, 95 | const unsigned char *e1data, 96 | unsigned long e1len, 97 | const unsigned char *e2data, 98 | unsigned long e2len, 99 | const unsigned char *coeffdata, unsigned long coefflen); 100 | int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, 101 | LIBSSH2_SESSION * session, 102 | const char *filename, 103 | unsigned const char *passphrase); 104 | #if LIBSSH2_RSA_SHA1 105 | int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, 106 | libssh2_rsa_ctx * rsactx, 107 | const unsigned char *hash, 108 | size_t hash_len, 109 | unsigned char **signature, 110 | size_t *signature_len); 111 | int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, 112 | const unsigned char *sig, 113 | size_t sig_len, 114 | const unsigned char *m, size_t m_len); 115 | #endif 116 | #if LIBSSH2_RSA_SHA2 117 | int _libssh2_rsa_sha2_sign(LIBSSH2_SESSION * session, 118 | libssh2_rsa_ctx * rsactx, 119 | const unsigned char *hash, 120 | size_t hash_len, 121 | unsigned char **signature, 122 | size_t *signature_len); 123 | int _libssh2_rsa_sha2_verify(libssh2_rsa_ctx * rsa, 124 | size_t hash_len, 125 | const unsigned char *sig, 126 | size_t sig_len, 127 | const unsigned char *m, size_t m_len); 128 | #endif 129 | int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa, 130 | LIBSSH2_SESSION * session, 131 | const char *filedata, 132 | size_t filedata_len, 133 | unsigned const char *passphrase); 134 | #endif 135 | 136 | #if LIBSSH2_DSA 137 | int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa, 138 | const unsigned char *pdata, 139 | unsigned long plen, 140 | const unsigned char *qdata, 141 | unsigned long qlen, 142 | const unsigned char *gdata, 143 | unsigned long glen, 144 | const unsigned char *ydata, 145 | unsigned long ylen, 146 | const unsigned char *x, unsigned long x_len); 147 | int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, 148 | LIBSSH2_SESSION * session, 149 | const char *filename, 150 | unsigned const char *passphrase); 151 | int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, 152 | const unsigned char *sig, 153 | const unsigned char *m, size_t m_len); 154 | int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, 155 | const unsigned char *hash, 156 | size_t hash_len, unsigned char *sig); 157 | int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa, 158 | LIBSSH2_SESSION * session, 159 | const char *filedata, 160 | size_t filedata_len, 161 | unsigned const char *passphrase); 162 | #endif 163 | 164 | #if LIBSSH2_ECDSA 165 | int 166 | _libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ecdsactx, 167 | const unsigned char *k, 168 | size_t k_len, 169 | libssh2_curve_type type); 170 | 171 | int 172 | _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx, 173 | LIBSSH2_SESSION * session, 174 | const char *filename, 175 | unsigned const char *passphrase); 176 | 177 | int 178 | _libssh2_ecdsa_new_private_sk(libssh2_ecdsa_ctx ** ec_ctx, 179 | unsigned char *flags, 180 | const char **application, 181 | const unsigned char **key_handle, 182 | size_t *handle_len, 183 | LIBSSH2_SESSION * session, 184 | const char *filename, 185 | unsigned const char *passphrase); 186 | 187 | int 188 | _libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx, 189 | const unsigned char *r, size_t r_len, 190 | const unsigned char *s, size_t s_len, 191 | const unsigned char *m, size_t m_len); 192 | 193 | int 194 | _libssh2_ecdsa_create_key(LIBSSH2_SESSION *session, 195 | _libssh2_ec_key **out_private_key, 196 | unsigned char **out_public_key_octal, 197 | size_t *out_public_key_octal_len, 198 | libssh2_curve_type curve_type); 199 | 200 | int 201 | _libssh2_ecdh_gen_k(_libssh2_bn **k, _libssh2_ec_key *private_key, 202 | const unsigned char *server_public_key, 203 | size_t server_public_key_len); 204 | 205 | int 206 | _libssh2_ecdsa_sign(LIBSSH2_SESSION *session, libssh2_ecdsa_ctx *ec_ctx, 207 | const unsigned char *hash, size_t hash_len, 208 | unsigned char **signature, size_t *signature_len); 209 | 210 | int _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx, 211 | LIBSSH2_SESSION * session, 212 | const char *filedata, 213 | size_t filedata_len, 214 | unsigned const char *passphrase); 215 | 216 | int _libssh2_ecdsa_new_private_frommemory_sk(libssh2_ecdsa_ctx ** ec_ctx, 217 | unsigned char *flags, 218 | const char **application, 219 | const unsigned char **key_handle, 220 | size_t *handle_len, 221 | LIBSSH2_SESSION * session, 222 | const char *filedata, 223 | size_t filedata_len, 224 | unsigned const char *passphrase); 225 | 226 | libssh2_curve_type 227 | _libssh2_ecdsa_get_curve_type(libssh2_ecdsa_ctx *ec_ctx); 228 | 229 | int 230 | _libssh2_ecdsa_curve_type_from_name(const char *name, 231 | libssh2_curve_type *out_type); 232 | 233 | #endif /* LIBSSH2_ECDSA */ 234 | 235 | #if LIBSSH2_ED25519 236 | 237 | int 238 | _libssh2_curve25519_new(LIBSSH2_SESSION *session, uint8_t **out_public_key, 239 | uint8_t **out_private_key); 240 | 241 | int 242 | _libssh2_curve25519_gen_k(_libssh2_bn **k, 243 | uint8_t private_key[LIBSSH2_ED25519_KEY_LEN], 244 | uint8_t server_public_key[LIBSSH2_ED25519_KEY_LEN]); 245 | 246 | int 247 | _libssh2_ed25519_verify(libssh2_ed25519_ctx *ctx, const uint8_t *s, 248 | size_t s_len, const uint8_t *m, size_t m_len); 249 | 250 | int 251 | _libssh2_ed25519_new_private(libssh2_ed25519_ctx **ed_ctx, 252 | LIBSSH2_SESSION *session, 253 | const char *filename, const uint8_t *passphrase); 254 | 255 | int 256 | _libssh2_ed25519_new_private_sk(libssh2_ed25519_ctx **ed_ctx, 257 | unsigned char *flags, 258 | const char **application, 259 | const unsigned char **key_handle, 260 | size_t *handle_len, 261 | LIBSSH2_SESSION *session, 262 | const char *filename, 263 | const uint8_t *passphrase); 264 | 265 | int 266 | _libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx, 267 | LIBSSH2_SESSION *session, 268 | const unsigned char *raw_pub_key, 269 | const size_t key_len); 270 | 271 | int 272 | _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session, 273 | uint8_t **out_sig, size_t *out_sig_len, 274 | const uint8_t *message, size_t message_len); 275 | 276 | int 277 | _libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx **ed_ctx, 278 | LIBSSH2_SESSION *session, 279 | const char *filedata, 280 | size_t filedata_len, 281 | unsigned const char *passphrase); 282 | 283 | int 284 | _libssh2_ed25519_new_private_frommemory_sk(libssh2_ed25519_ctx **ed_ctx, 285 | unsigned char *flags, 286 | const char **application, 287 | const unsigned char **key_handle, 288 | size_t *handle_len, 289 | LIBSSH2_SESSION *session, 290 | const char *filedata, 291 | size_t filedata_len, 292 | unsigned const char *passphrase); 293 | 294 | #endif /* LIBSSH2_ED25519 */ 295 | 296 | 297 | int _libssh2_cipher_init(_libssh2_cipher_ctx * h, 298 | _libssh2_cipher_type(algo), 299 | unsigned char *iv, 300 | unsigned char *secret, int encrypt); 301 | 302 | int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, 303 | _libssh2_cipher_type(algo), 304 | int encrypt, unsigned char *block, size_t blocksize, 305 | int firstlast); 306 | 307 | int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session, 308 | unsigned char **method, 309 | size_t *method_len, 310 | unsigned char **pubkeydata, 311 | size_t *pubkeydata_len, 312 | const char *privatekey, 313 | const char *passphrase); 314 | 315 | int _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session, 316 | unsigned char **method, 317 | size_t *method_len, 318 | unsigned char **pubkeydata, 319 | size_t *pubkeydata_len, 320 | const char *privatekeydata, 321 | size_t privatekeydata_len, 322 | const char *passphrase); 323 | 324 | 325 | int _libssh2_sk_pub_keyfilememory(LIBSSH2_SESSION *session, 326 | unsigned char **method, 327 | size_t *method_len, 328 | unsigned char **pubkeydata, 329 | size_t *pubkeydata_len, 330 | int *algorithm, 331 | unsigned char *flags, 332 | const char **application, 333 | const unsigned char **key_handle, 334 | size_t *handle_len, 335 | const char *privatekeydata, 336 | size_t privatekeydata_len, 337 | const char *passphrase); 338 | 339 | /** 340 | * @function _libssh2_supported_key_sign_algorithms 341 | * @abstract Returns supported algorithms used for upgrading public 342 | * key signing RFC 8332 343 | * @discussion Based on the incoming key_method value, this function 344 | * will return supported algorithms that can upgrade the key method 345 | * @related _libssh2_key_sign_algorithm() 346 | * @param key_method current key method, usually the default key sig method 347 | * @param key_method_len length of the key method buffer 348 | * @result comma separated list of supported upgrade options per RFC 8332, if 349 | * there is no upgrade option return NULL 350 | */ 351 | 352 | const char * 353 | _libssh2_supported_key_sign_algorithms(LIBSSH2_SESSION *session, 354 | unsigned char *key_method, 355 | size_t key_method_len); 356 | 357 | #endif /* LIBSSH2_CRYPTO_H */ 358 | -------------------------------------------------------------------------------- /Sources/CSSH2/mac.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Sara Golemon 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | * 37 | * SPDX-License-Identifier: BSD-3-Clause 38 | */ 39 | 40 | #include "libssh2_priv.h" 41 | #include "mac.h" 42 | 43 | #if defined(LIBSSH2DEBUG) && defined(LIBSSH2_MAC_NONE_INSECURE) 44 | /* mac_none_MAC 45 | * 46 | * Minimalist MAC: No MAC. DO NOT USE. 47 | * 48 | * The SSH2 Transport allows implementations to forego a message 49 | * authentication code. While this is less of a security risk than using 50 | * a "none" cipher, it is still not recommended as disabling MAC hashes 51 | * removes a layer of security. 52 | * 53 | * Enabling this option will allow for "none" as a negotiable method, 54 | * however it still requires that the method be advertised by the remote 55 | * end and that no more-preferable methods are available. 56 | * 57 | */ 58 | static int 59 | mac_none_MAC(LIBSSH2_SESSION * session, unsigned char *buf, 60 | uint32_t seqno, const unsigned char *packet, 61 | size_t packet_len, const unsigned char *addtl, 62 | size_t addtl_len, void **abstract) 63 | { 64 | return 0; 65 | } 66 | 67 | 68 | 69 | 70 | static LIBSSH2_MAC_METHOD mac_method_none = { 71 | "none", 72 | 0, 73 | 0, 74 | NULL, 75 | mac_none_MAC, 76 | NULL, 77 | 0 78 | }; 79 | #endif /* defined(LIBSSH2DEBUG) && defined(LIBSSH2_MAC_NONE_INSECURE) */ 80 | 81 | /* mac_method_common_init 82 | * Initialize simple mac methods 83 | */ 84 | static int 85 | mac_method_common_init(LIBSSH2_SESSION * session, unsigned char *key, 86 | int *free_key, void **abstract) 87 | { 88 | *abstract = key; 89 | *free_key = 0; 90 | (void)session; 91 | 92 | return 0; 93 | } 94 | 95 | 96 | 97 | /* mac_method_common_dtor 98 | * Cleanup simple mac methods 99 | */ 100 | static int 101 | mac_method_common_dtor(LIBSSH2_SESSION * session, void **abstract) 102 | { 103 | if(*abstract) { 104 | LIBSSH2_FREE(session, *abstract); 105 | } 106 | *abstract = NULL; 107 | 108 | return 0; 109 | } 110 | 111 | 112 | 113 | #if LIBSSH2_HMAC_SHA512 114 | /* mac_method_hmac_sha512_hash 115 | * Calculate hash using full sha512 value 116 | */ 117 | static int 118 | mac_method_hmac_sha2_512_hash(LIBSSH2_SESSION * session, 119 | unsigned char *buf, uint32_t seqno, 120 | const unsigned char *packet, 121 | size_t packet_len, 122 | const unsigned char *addtl, 123 | size_t addtl_len, void **abstract) 124 | { 125 | libssh2_hmac_ctx ctx; 126 | unsigned char seqno_buf[4]; 127 | int res; 128 | (void)session; 129 | 130 | _libssh2_htonu32(seqno_buf, seqno); 131 | 132 | if(!_libssh2_hmac_ctx_init(&ctx)) 133 | return 1; 134 | res = _libssh2_hmac_sha512_init(&ctx, *abstract, 64) && 135 | _libssh2_hmac_update(&ctx, seqno_buf, 4) && 136 | _libssh2_hmac_update(&ctx, packet, packet_len); 137 | if(res && addtl && addtl_len) 138 | res = _libssh2_hmac_update(&ctx, addtl, addtl_len); 139 | if(res) 140 | res = _libssh2_hmac_final(&ctx, buf); 141 | _libssh2_hmac_cleanup(&ctx); 142 | 143 | return !res; 144 | } 145 | 146 | 147 | 148 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512 = { 149 | "hmac-sha2-512", 150 | 64, 151 | 64, 152 | mac_method_common_init, 153 | mac_method_hmac_sha2_512_hash, 154 | mac_method_common_dtor, 155 | 0 156 | }; 157 | 158 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512_etm = { 159 | "hmac-sha2-512-etm@openssh.com", 160 | 64, 161 | 64, 162 | mac_method_common_init, 163 | mac_method_hmac_sha2_512_hash, 164 | mac_method_common_dtor, 165 | 1 166 | }; 167 | 168 | #endif 169 | 170 | 171 | 172 | #if LIBSSH2_HMAC_SHA256 173 | /* mac_method_hmac_sha256_hash 174 | * Calculate hash using full sha256 value 175 | */ 176 | static int 177 | mac_method_hmac_sha2_256_hash(LIBSSH2_SESSION * session, 178 | unsigned char *buf, uint32_t seqno, 179 | const unsigned char *packet, 180 | size_t packet_len, 181 | const unsigned char *addtl, 182 | size_t addtl_len, void **abstract) 183 | { 184 | libssh2_hmac_ctx ctx; 185 | unsigned char seqno_buf[4]; 186 | int res; 187 | (void)session; 188 | 189 | _libssh2_htonu32(seqno_buf, seqno); 190 | 191 | if(!_libssh2_hmac_ctx_init(&ctx)) 192 | return 1; 193 | res = _libssh2_hmac_sha256_init(&ctx, *abstract, 32) && 194 | _libssh2_hmac_update(&ctx, seqno_buf, 4) && 195 | _libssh2_hmac_update(&ctx, packet, packet_len); 196 | if(res && addtl && addtl_len) 197 | res = _libssh2_hmac_update(&ctx, addtl, addtl_len); 198 | if(res) 199 | res = _libssh2_hmac_final(&ctx, buf); 200 | _libssh2_hmac_cleanup(&ctx); 201 | 202 | return !res; 203 | } 204 | 205 | 206 | 207 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_256 = { 208 | "hmac-sha2-256", 209 | 32, 210 | 32, 211 | mac_method_common_init, 212 | mac_method_hmac_sha2_256_hash, 213 | mac_method_common_dtor, 214 | 0 215 | }; 216 | 217 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_256_etm = { 218 | "hmac-sha2-256-etm@openssh.com", 219 | 32, 220 | 32, 221 | mac_method_common_init, 222 | mac_method_hmac_sha2_256_hash, 223 | mac_method_common_dtor, 224 | 1 225 | }; 226 | 227 | #endif 228 | 229 | 230 | 231 | 232 | /* mac_method_hmac_sha1_hash 233 | * Calculate hash using full sha1 value 234 | */ 235 | static int 236 | mac_method_hmac_sha1_hash(LIBSSH2_SESSION * session, 237 | unsigned char *buf, uint32_t seqno, 238 | const unsigned char *packet, 239 | size_t packet_len, 240 | const unsigned char *addtl, 241 | size_t addtl_len, void **abstract) 242 | { 243 | libssh2_hmac_ctx ctx; 244 | unsigned char seqno_buf[4]; 245 | int res; 246 | (void)session; 247 | 248 | _libssh2_htonu32(seqno_buf, seqno); 249 | 250 | if(!_libssh2_hmac_ctx_init(&ctx)) 251 | return 1; 252 | res = _libssh2_hmac_sha1_init(&ctx, *abstract, 20) && 253 | _libssh2_hmac_update(&ctx, seqno_buf, 4) && 254 | _libssh2_hmac_update(&ctx, packet, packet_len); 255 | if(res && addtl && addtl_len) 256 | res = _libssh2_hmac_update(&ctx, addtl, addtl_len); 257 | if(res) 258 | res = _libssh2_hmac_final(&ctx, buf); 259 | _libssh2_hmac_cleanup(&ctx); 260 | 261 | return !res; 262 | } 263 | 264 | 265 | 266 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1 = { 267 | "hmac-sha1", 268 | 20, 269 | 20, 270 | mac_method_common_init, 271 | mac_method_hmac_sha1_hash, 272 | mac_method_common_dtor, 273 | 0 274 | }; 275 | 276 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1_etm = { 277 | "hmac-sha1-etm@openssh.com", 278 | 20, 279 | 20, 280 | mac_method_common_init, 281 | mac_method_hmac_sha1_hash, 282 | mac_method_common_dtor, 283 | 1 284 | }; 285 | 286 | /* mac_method_hmac_sha1_96_hash 287 | * Calculate hash using first 96 bits of sha1 value 288 | */ 289 | static int 290 | mac_method_hmac_sha1_96_hash(LIBSSH2_SESSION * session, 291 | unsigned char *buf, uint32_t seqno, 292 | const unsigned char *packet, 293 | size_t packet_len, 294 | const unsigned char *addtl, 295 | size_t addtl_len, void **abstract) 296 | { 297 | unsigned char temp[SHA_DIGEST_LENGTH]; 298 | 299 | if(mac_method_hmac_sha1_hash(session, temp, seqno, packet, packet_len, 300 | addtl, addtl_len, abstract)) 301 | return 1; 302 | 303 | memcpy(buf, (char *) temp, 96 / 8); 304 | return 0; 305 | } 306 | 307 | 308 | 309 | static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1_96 = { 310 | "hmac-sha1-96", 311 | 12, 312 | 20, 313 | mac_method_common_init, 314 | mac_method_hmac_sha1_96_hash, 315 | mac_method_common_dtor, 316 | 0 317 | }; 318 | 319 | #if LIBSSH2_MD5 320 | /* mac_method_hmac_md5_hash 321 | * Calculate hash using full md5 value 322 | */ 323 | static int 324 | mac_method_hmac_md5_hash(LIBSSH2_SESSION * session, unsigned char *buf, 325 | uint32_t seqno, 326 | const unsigned char *packet, 327 | size_t packet_len, 328 | const unsigned char *addtl, 329 | size_t addtl_len, void **abstract) 330 | { 331 | libssh2_hmac_ctx ctx; 332 | unsigned char seqno_buf[4]; 333 | int res; 334 | (void)session; 335 | 336 | _libssh2_htonu32(seqno_buf, seqno); 337 | 338 | if(!_libssh2_hmac_ctx_init(&ctx)) 339 | return 1; 340 | res = _libssh2_hmac_md5_init(&ctx, *abstract, 16) && 341 | _libssh2_hmac_update(&ctx, seqno_buf, 4) && 342 | _libssh2_hmac_update(&ctx, packet, packet_len); 343 | if(res && addtl && addtl_len) 344 | res = _libssh2_hmac_update(&ctx, addtl, addtl_len); 345 | if(res) 346 | res = _libssh2_hmac_final(&ctx, buf); 347 | _libssh2_hmac_cleanup(&ctx); 348 | 349 | return !res; 350 | } 351 | 352 | 353 | 354 | static const LIBSSH2_MAC_METHOD mac_method_hmac_md5 = { 355 | "hmac-md5", 356 | 16, 357 | 16, 358 | mac_method_common_init, 359 | mac_method_hmac_md5_hash, 360 | mac_method_common_dtor, 361 | 0 362 | }; 363 | 364 | /* mac_method_hmac_md5_96_hash 365 | * Calculate hash using first 96 bits of md5 value 366 | */ 367 | static int 368 | mac_method_hmac_md5_96_hash(LIBSSH2_SESSION * session, 369 | unsigned char *buf, uint32_t seqno, 370 | const unsigned char *packet, 371 | size_t packet_len, 372 | const unsigned char *addtl, 373 | size_t addtl_len, void **abstract) 374 | { 375 | unsigned char temp[MD5_DIGEST_LENGTH]; 376 | 377 | if(mac_method_hmac_md5_hash(session, temp, seqno, packet, packet_len, 378 | addtl, addtl_len, abstract)) 379 | return 1; 380 | 381 | memcpy(buf, (char *) temp, 96 / 8); 382 | return 0; 383 | } 384 | 385 | 386 | 387 | static const LIBSSH2_MAC_METHOD mac_method_hmac_md5_96 = { 388 | "hmac-md5-96", 389 | 12, 390 | 16, 391 | mac_method_common_init, 392 | mac_method_hmac_md5_96_hash, 393 | mac_method_common_dtor, 394 | 0 395 | }; 396 | #endif /* LIBSSH2_MD5 */ 397 | 398 | #if LIBSSH2_HMAC_RIPEMD 399 | /* mac_method_hmac_ripemd160_hash 400 | * Calculate hash using ripemd160 value 401 | */ 402 | static int 403 | mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION * session, 404 | unsigned char *buf, uint32_t seqno, 405 | const unsigned char *packet, 406 | size_t packet_len, 407 | const unsigned char *addtl, 408 | size_t addtl_len, 409 | void **abstract) 410 | { 411 | libssh2_hmac_ctx ctx; 412 | unsigned char seqno_buf[4]; 413 | int res; 414 | (void)session; 415 | 416 | _libssh2_htonu32(seqno_buf, seqno); 417 | 418 | if(!_libssh2_hmac_ctx_init(&ctx)) 419 | return 1; 420 | res = _libssh2_hmac_ripemd160_init(&ctx, *abstract, 20) && 421 | _libssh2_hmac_update(&ctx, seqno_buf, 4) && 422 | _libssh2_hmac_update(&ctx, packet, packet_len); 423 | if(res && addtl && addtl_len) 424 | res = _libssh2_hmac_update(&ctx, addtl, addtl_len); 425 | if(res) 426 | res = _libssh2_hmac_final(&ctx, buf); 427 | _libssh2_hmac_cleanup(&ctx); 428 | 429 | return !res; 430 | } 431 | 432 | 433 | 434 | static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160 = { 435 | "hmac-ripemd160", 436 | 20, 437 | 20, 438 | mac_method_common_init, 439 | mac_method_hmac_ripemd160_hash, 440 | mac_method_common_dtor, 441 | 0 442 | }; 443 | 444 | static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160_openssh_com = { 445 | "hmac-ripemd160@openssh.com", 446 | 20, 447 | 20, 448 | mac_method_common_init, 449 | mac_method_hmac_ripemd160_hash, 450 | mac_method_common_dtor, 451 | 0 452 | }; 453 | #endif /* LIBSSH2_HMAC_RIPEMD */ 454 | 455 | static const LIBSSH2_MAC_METHOD *mac_methods[] = { 456 | #if LIBSSH2_HMAC_SHA256 457 | &mac_method_hmac_sha2_256, 458 | &mac_method_hmac_sha2_256_etm, 459 | #endif 460 | #if LIBSSH2_HMAC_SHA512 461 | &mac_method_hmac_sha2_512, 462 | &mac_method_hmac_sha2_512_etm, 463 | #endif 464 | &mac_method_hmac_sha1, 465 | &mac_method_hmac_sha1_etm, 466 | &mac_method_hmac_sha1_96, 467 | #if LIBSSH2_MD5 468 | &mac_method_hmac_md5, 469 | &mac_method_hmac_md5_96, 470 | #endif 471 | #if LIBSSH2_HMAC_RIPEMD 472 | &mac_method_hmac_ripemd160, 473 | &mac_method_hmac_ripemd160_openssh_com, 474 | #endif /* LIBSSH2_HMAC_RIPEMD */ 475 | #if defined(LIBSSH2DEBUG) && defined(LIBSSH2_MAC_NONE_INSECURE) 476 | &mac_method_none, 477 | #endif 478 | NULL 479 | }; 480 | 481 | const LIBSSH2_MAC_METHOD ** 482 | _libssh2_mac_methods(void) 483 | { 484 | return mac_methods; 485 | } 486 | 487 | #if LIBSSH2_AES_GCM 488 | static int 489 | mac_method_none_init(LIBSSH2_SESSION * session, unsigned char *key, 490 | int *free_key, void **abstract) 491 | { 492 | (void)session; 493 | (void)key; 494 | (void)free_key; 495 | (void)abstract; 496 | return 0; 497 | } 498 | 499 | static int 500 | mac_method_hmac_none_hash(LIBSSH2_SESSION * session, 501 | unsigned char *buf, uint32_t seqno, 502 | const unsigned char *packet, 503 | size_t packet_len, 504 | const unsigned char *addtl, 505 | size_t addtl_len, void **abstract) 506 | { 507 | (void)session; 508 | (void)buf; 509 | (void)seqno; 510 | (void)packet; 511 | (void)packet_len; 512 | (void)addtl; 513 | (void)addtl_len; 514 | (void)abstract; 515 | return 0; 516 | } 517 | 518 | static int 519 | mac_method_none_dtor(LIBSSH2_SESSION * session, void **abstract) 520 | { 521 | (void)session; 522 | (void)abstract; 523 | return 0; 524 | } 525 | 526 | /* Stub for aes256-gcm@openssh.com crypto type, which has an integrated 527 | HMAC method. This must not be added to mac_methods[] since it cannot be 528 | negotiated separately. */ 529 | static const LIBSSH2_MAC_METHOD mac_method_hmac_aesgcm = { 530 | "INTEGRATED-AES-GCM", /* made up name for display only */ 531 | 16, 532 | 16, 533 | mac_method_none_init, 534 | mac_method_hmac_none_hash, 535 | mac_method_none_dtor, 536 | 0 537 | }; 538 | #endif /* LIBSSH2_AES_GCM */ 539 | 540 | /* See if the negotiated crypto method has its own authentication scheme that 541 | * obviates the need for a separate negotiated hmac method */ 542 | const LIBSSH2_MAC_METHOD * 543 | _libssh2_mac_override(const LIBSSH2_CRYPT_METHOD *crypt) 544 | { 545 | #if LIBSSH2_AES_GCM 546 | if(!strcmp(crypt->name, "aes256-gcm@openssh.com") || 547 | !strcmp(crypt->name, "aes128-gcm@openssh.com")) 548 | return &mac_method_hmac_aesgcm; 549 | #else 550 | (void) crypt; 551 | #endif /* LIBSSH2_AES_GCM */ 552 | return NULL; 553 | } 554 | -------------------------------------------------------------------------------- /Sources/CSSH2/include/libssh2_sftp.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) Sara Golemon 2 | * All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, 5 | * with or without modification, are permitted provided 6 | * that the following conditions are met: 7 | * 8 | * Redistributions of source code must retain the above 9 | * copyright notice, this list of conditions and the 10 | * following disclaimer. 11 | * 12 | * Redistributions in binary form must reproduce the above 13 | * copyright notice, this list of conditions and the following 14 | * disclaimer in the documentation and/or other materials 15 | * provided with the distribution. 16 | * 17 | * Neither the name of the copyright holder nor the names 18 | * of any other contributors may be used to endorse or 19 | * promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND 23 | * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 29 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 30 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 34 | * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 35 | * OF SUCH DAMAGE. 36 | * 37 | * SPDX-License-Identifier: BSD-3-Clause 38 | */ 39 | 40 | #ifndef LIBSSH2_SFTP_H 41 | #define LIBSSH2_SFTP_H 1 42 | 43 | #include "libssh2.h" 44 | 45 | #ifndef _WIN32 46 | #include 47 | #endif 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | /* Note: Version 6 was documented at the time of writing 54 | * However it was marked as "DO NOT IMPLEMENT" due to pending changes 55 | * 56 | * Let's start with Version 3 (The version found in OpenSSH) and go from there 57 | */ 58 | #define LIBSSH2_SFTP_VERSION 3 59 | 60 | typedef struct _LIBSSH2_SFTP LIBSSH2_SFTP; 61 | typedef struct _LIBSSH2_SFTP_HANDLE LIBSSH2_SFTP_HANDLE; 62 | typedef struct _LIBSSH2_SFTP_ATTRIBUTES LIBSSH2_SFTP_ATTRIBUTES; 63 | typedef struct _LIBSSH2_SFTP_STATVFS LIBSSH2_SFTP_STATVFS; 64 | 65 | /* Flags for open_ex() */ 66 | #define LIBSSH2_SFTP_OPENFILE 0 67 | #define LIBSSH2_SFTP_OPENDIR 1 68 | 69 | /* Flags for rename_ex() */ 70 | #define LIBSSH2_SFTP_RENAME_OVERWRITE 0x00000001 71 | #define LIBSSH2_SFTP_RENAME_ATOMIC 0x00000002 72 | #define LIBSSH2_SFTP_RENAME_NATIVE 0x00000004 73 | 74 | /* Flags for stat_ex() */ 75 | #define LIBSSH2_SFTP_STAT 0 76 | #define LIBSSH2_SFTP_LSTAT 1 77 | #define LIBSSH2_SFTP_SETSTAT 2 78 | 79 | /* Flags for symlink_ex() */ 80 | #define LIBSSH2_SFTP_SYMLINK 0 81 | #define LIBSSH2_SFTP_READLINK 1 82 | #define LIBSSH2_SFTP_REALPATH 2 83 | 84 | /* Flags for sftp_mkdir() */ 85 | #define LIBSSH2_SFTP_DEFAULT_MODE -1 86 | 87 | /* SFTP attribute flag bits */ 88 | #define LIBSSH2_SFTP_ATTR_SIZE 0x00000001 89 | #define LIBSSH2_SFTP_ATTR_UIDGID 0x00000002 90 | #define LIBSSH2_SFTP_ATTR_PERMISSIONS 0x00000004 91 | #define LIBSSH2_SFTP_ATTR_ACMODTIME 0x00000008 92 | #define LIBSSH2_SFTP_ATTR_EXTENDED 0x80000000 93 | 94 | /* SFTP statvfs flag bits */ 95 | #define LIBSSH2_SFTP_ST_RDONLY 0x00000001 96 | #define LIBSSH2_SFTP_ST_NOSUID 0x00000002 97 | 98 | struct _LIBSSH2_SFTP_ATTRIBUTES { 99 | /* If flags & ATTR_* bit is set, then the value in this struct will be 100 | * meaningful Otherwise it should be ignored 101 | */ 102 | unsigned long flags; 103 | 104 | libssh2_uint64_t filesize; 105 | unsigned long uid, gid; 106 | unsigned long permissions; 107 | unsigned long atime, mtime; 108 | }; 109 | 110 | struct _LIBSSH2_SFTP_STATVFS { 111 | libssh2_uint64_t f_bsize; /* file system block size */ 112 | libssh2_uint64_t f_frsize; /* fragment size */ 113 | libssh2_uint64_t f_blocks; /* size of fs in f_frsize units */ 114 | libssh2_uint64_t f_bfree; /* # free blocks */ 115 | libssh2_uint64_t f_bavail; /* # free blocks for non-root */ 116 | libssh2_uint64_t f_files; /* # inodes */ 117 | libssh2_uint64_t f_ffree; /* # free inodes */ 118 | libssh2_uint64_t f_favail; /* # free inodes for non-root */ 119 | libssh2_uint64_t f_fsid; /* file system ID */ 120 | libssh2_uint64_t f_flag; /* mount flags */ 121 | libssh2_uint64_t f_namemax; /* maximum filename length */ 122 | }; 123 | 124 | /* SFTP filetypes */ 125 | #define LIBSSH2_SFTP_TYPE_REGULAR 1 126 | #define LIBSSH2_SFTP_TYPE_DIRECTORY 2 127 | #define LIBSSH2_SFTP_TYPE_SYMLINK 3 128 | #define LIBSSH2_SFTP_TYPE_SPECIAL 4 129 | #define LIBSSH2_SFTP_TYPE_UNKNOWN 5 130 | #define LIBSSH2_SFTP_TYPE_SOCKET 6 131 | #define LIBSSH2_SFTP_TYPE_CHAR_DEVICE 7 132 | #define LIBSSH2_SFTP_TYPE_BLOCK_DEVICE 8 133 | #define LIBSSH2_SFTP_TYPE_FIFO 9 134 | 135 | /* 136 | * Reproduce the POSIX file modes here for systems that are not POSIX 137 | * compliant. 138 | * 139 | * These is used in "permissions" of "struct _LIBSSH2_SFTP_ATTRIBUTES" 140 | */ 141 | /* File type */ 142 | #define LIBSSH2_SFTP_S_IFMT 0170000 /* type of file mask */ 143 | #define LIBSSH2_SFTP_S_IFIFO 0010000 /* named pipe (fifo) */ 144 | #define LIBSSH2_SFTP_S_IFCHR 0020000 /* character special */ 145 | #define LIBSSH2_SFTP_S_IFDIR 0040000 /* directory */ 146 | #define LIBSSH2_SFTP_S_IFBLK 0060000 /* block special */ 147 | #define LIBSSH2_SFTP_S_IFREG 0100000 /* regular */ 148 | #define LIBSSH2_SFTP_S_IFLNK 0120000 /* symbolic link */ 149 | #define LIBSSH2_SFTP_S_IFSOCK 0140000 /* socket */ 150 | 151 | /* File mode */ 152 | /* Read, write, execute/search by owner */ 153 | #define LIBSSH2_SFTP_S_IRWXU 0000700 /* RWX mask for owner */ 154 | #define LIBSSH2_SFTP_S_IRUSR 0000400 /* R for owner */ 155 | #define LIBSSH2_SFTP_S_IWUSR 0000200 /* W for owner */ 156 | #define LIBSSH2_SFTP_S_IXUSR 0000100 /* X for owner */ 157 | /* Read, write, execute/search by group */ 158 | #define LIBSSH2_SFTP_S_IRWXG 0000070 /* RWX mask for group */ 159 | #define LIBSSH2_SFTP_S_IRGRP 0000040 /* R for group */ 160 | #define LIBSSH2_SFTP_S_IWGRP 0000020 /* W for group */ 161 | #define LIBSSH2_SFTP_S_IXGRP 0000010 /* X for group */ 162 | /* Read, write, execute/search by others */ 163 | #define LIBSSH2_SFTP_S_IRWXO 0000007 /* RWX mask for other */ 164 | #define LIBSSH2_SFTP_S_IROTH 0000004 /* R for other */ 165 | #define LIBSSH2_SFTP_S_IWOTH 0000002 /* W for other */ 166 | #define LIBSSH2_SFTP_S_IXOTH 0000001 /* X for other */ 167 | 168 | /* macros to check for specific file types, added in 1.2.5 */ 169 | #define LIBSSH2_SFTP_S_ISLNK(m) \ 170 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFLNK) 171 | #define LIBSSH2_SFTP_S_ISREG(m) \ 172 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFREG) 173 | #define LIBSSH2_SFTP_S_ISDIR(m) \ 174 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFDIR) 175 | #define LIBSSH2_SFTP_S_ISCHR(m) \ 176 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFCHR) 177 | #define LIBSSH2_SFTP_S_ISBLK(m) \ 178 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFBLK) 179 | #define LIBSSH2_SFTP_S_ISFIFO(m) \ 180 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFIFO) 181 | #define LIBSSH2_SFTP_S_ISSOCK(m) \ 182 | (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFSOCK) 183 | 184 | /* SFTP File Transfer Flags -- (e.g. flags parameter to sftp_open()) 185 | * Danger will robinson... APPEND doesn't have any effect on OpenSSH servers */ 186 | #define LIBSSH2_FXF_READ 0x00000001 187 | #define LIBSSH2_FXF_WRITE 0x00000002 188 | #define LIBSSH2_FXF_APPEND 0x00000004 189 | #define LIBSSH2_FXF_CREAT 0x00000008 190 | #define LIBSSH2_FXF_TRUNC 0x00000010 191 | #define LIBSSH2_FXF_EXCL 0x00000020 192 | 193 | /* SFTP Status Codes (returned by libssh2_sftp_last_error() ) */ 194 | #define LIBSSH2_FX_OK 0UL 195 | #define LIBSSH2_FX_EOF 1UL 196 | #define LIBSSH2_FX_NO_SUCH_FILE 2UL 197 | #define LIBSSH2_FX_PERMISSION_DENIED 3UL 198 | #define LIBSSH2_FX_FAILURE 4UL 199 | #define LIBSSH2_FX_BAD_MESSAGE 5UL 200 | #define LIBSSH2_FX_NO_CONNECTION 6UL 201 | #define LIBSSH2_FX_CONNECTION_LOST 7UL 202 | #define LIBSSH2_FX_OP_UNSUPPORTED 8UL 203 | #define LIBSSH2_FX_INVALID_HANDLE 9UL 204 | #define LIBSSH2_FX_NO_SUCH_PATH 10UL 205 | #define LIBSSH2_FX_FILE_ALREADY_EXISTS 11UL 206 | #define LIBSSH2_FX_WRITE_PROTECT 12UL 207 | #define LIBSSH2_FX_NO_MEDIA 13UL 208 | #define LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM 14UL 209 | #define LIBSSH2_FX_QUOTA_EXCEEDED 15UL 210 | #define LIBSSH2_FX_UNKNOWN_PRINCIPLE 16UL /* Initial mis-spelling */ 211 | #define LIBSSH2_FX_UNKNOWN_PRINCIPAL 16UL 212 | #define LIBSSH2_FX_LOCK_CONFlICT 17UL /* Initial mis-spelling */ 213 | #define LIBSSH2_FX_LOCK_CONFLICT 17UL 214 | #define LIBSSH2_FX_DIR_NOT_EMPTY 18UL 215 | #define LIBSSH2_FX_NOT_A_DIRECTORY 19UL 216 | #define LIBSSH2_FX_INVALID_FILENAME 20UL 217 | #define LIBSSH2_FX_LINK_LOOP 21UL 218 | 219 | /* Returned by any function that would block during a read/write operation */ 220 | #define LIBSSH2SFTP_EAGAIN LIBSSH2_ERROR_EAGAIN 221 | 222 | /* SFTP API */ 223 | LIBSSH2_API LIBSSH2_SFTP *libssh2_sftp_init(LIBSSH2_SESSION *session); 224 | LIBSSH2_API int libssh2_sftp_shutdown(LIBSSH2_SFTP *sftp); 225 | LIBSSH2_API unsigned long libssh2_sftp_last_error(LIBSSH2_SFTP *sftp); 226 | LIBSSH2_API LIBSSH2_CHANNEL *libssh2_sftp_get_channel(LIBSSH2_SFTP *sftp); 227 | 228 | /* File / Directory Ops */ 229 | LIBSSH2_API LIBSSH2_SFTP_HANDLE * 230 | libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, 231 | const char *filename, 232 | unsigned int filename_len, 233 | unsigned long flags, 234 | long mode, int open_type); 235 | #define libssh2_sftp_open(sftp, filename, flags, mode) \ 236 | libssh2_sftp_open_ex((sftp), \ 237 | (filename), (unsigned int)strlen(filename), \ 238 | (flags), (mode), LIBSSH2_SFTP_OPENFILE) 239 | #define libssh2_sftp_opendir(sftp, path) \ 240 | libssh2_sftp_open_ex((sftp), \ 241 | (path), (unsigned int)strlen(path), \ 242 | 0, 0, LIBSSH2_SFTP_OPENDIR) 243 | LIBSSH2_API LIBSSH2_SFTP_HANDLE * 244 | libssh2_sftp_open_ex_r(LIBSSH2_SFTP *sftp, 245 | const char *filename, 246 | size_t filename_len, 247 | unsigned long flags, 248 | long mode, int open_type, 249 | LIBSSH2_SFTP_ATTRIBUTES *attrs); 250 | #define libssh2_sftp_open_r(sftp, filename, flags, mode, attrs) \ 251 | libssh2_sftp_open_ex_r((sftp), (filename), strlen(filename), \ 252 | (flags), (mode), LIBSSH2_SFTP_OPENFILE, \ 253 | (attrs)) 254 | 255 | LIBSSH2_API ssize_t libssh2_sftp_read(LIBSSH2_SFTP_HANDLE *handle, 256 | char *buffer, size_t buffer_maxlen); 257 | 258 | LIBSSH2_API int libssh2_sftp_readdir_ex(LIBSSH2_SFTP_HANDLE *handle, \ 259 | char *buffer, size_t buffer_maxlen, 260 | char *longentry, 261 | size_t longentry_maxlen, 262 | LIBSSH2_SFTP_ATTRIBUTES *attrs); 263 | #define libssh2_sftp_readdir(handle, buffer, buffer_maxlen, attrs) \ 264 | libssh2_sftp_readdir_ex((handle), (buffer), (buffer_maxlen), NULL, 0, \ 265 | (attrs)) 266 | 267 | LIBSSH2_API ssize_t libssh2_sftp_write(LIBSSH2_SFTP_HANDLE *handle, 268 | const char *buffer, size_t count); 269 | LIBSSH2_API int libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *handle); 270 | 271 | LIBSSH2_API int libssh2_sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle); 272 | #define libssh2_sftp_close(handle) libssh2_sftp_close_handle(handle) 273 | #define libssh2_sftp_closedir(handle) libssh2_sftp_close_handle(handle) 274 | 275 | LIBSSH2_API void libssh2_sftp_seek(LIBSSH2_SFTP_HANDLE *handle, size_t offset); 276 | LIBSSH2_API void libssh2_sftp_seek64(LIBSSH2_SFTP_HANDLE *handle, 277 | libssh2_uint64_t offset); 278 | #define libssh2_sftp_rewind(handle) libssh2_sftp_seek64((handle), 0) 279 | 280 | LIBSSH2_API size_t libssh2_sftp_tell(LIBSSH2_SFTP_HANDLE *handle); 281 | LIBSSH2_API libssh2_uint64_t libssh2_sftp_tell64(LIBSSH2_SFTP_HANDLE *handle); 282 | 283 | LIBSSH2_API int libssh2_sftp_fstat_ex(LIBSSH2_SFTP_HANDLE *handle, 284 | LIBSSH2_SFTP_ATTRIBUTES *attrs, 285 | int setstat); 286 | #define libssh2_sftp_fstat(handle, attrs) \ 287 | libssh2_sftp_fstat_ex((handle), (attrs), 0) 288 | #define libssh2_sftp_fsetstat(handle, attrs) \ 289 | libssh2_sftp_fstat_ex((handle), (attrs), 1) 290 | 291 | /* Miscellaneous Ops */ 292 | LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, 293 | const char *source_filename, 294 | unsigned int srouce_filename_len, 295 | const char *dest_filename, 296 | unsigned int dest_filename_len, 297 | long flags); 298 | #define libssh2_sftp_rename(sftp, sourcefile, destfile) \ 299 | libssh2_sftp_rename_ex((sftp), \ 300 | (sourcefile), (unsigned int)strlen(sourcefile), \ 301 | (destfile), (unsigned int)strlen(destfile), \ 302 | LIBSSH2_SFTP_RENAME_OVERWRITE | \ 303 | LIBSSH2_SFTP_RENAME_ATOMIC | \ 304 | LIBSSH2_SFTP_RENAME_NATIVE) 305 | 306 | LIBSSH2_API int libssh2_sftp_posix_rename_ex(LIBSSH2_SFTP *sftp, 307 | const char *source_filename, 308 | size_t srouce_filename_len, 309 | const char *dest_filename, 310 | size_t dest_filename_len); 311 | #define libssh2_sftp_posix_rename(sftp, sourcefile, destfile) \ 312 | libssh2_sftp_posix_rename_ex((sftp), (sourcefile), strlen(sourcefile), \ 313 | (destfile), strlen(destfile)) 314 | 315 | LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, 316 | const char *filename, 317 | unsigned int filename_len); 318 | #define libssh2_sftp_unlink(sftp, filename) \ 319 | libssh2_sftp_unlink_ex((sftp), (filename), (unsigned int)strlen(filename)) 320 | 321 | LIBSSH2_API int libssh2_sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, 322 | LIBSSH2_SFTP_STATVFS *st); 323 | 324 | LIBSSH2_API int libssh2_sftp_statvfs(LIBSSH2_SFTP *sftp, 325 | const char *path, 326 | size_t path_len, 327 | LIBSSH2_SFTP_STATVFS *st); 328 | 329 | LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, 330 | const char *path, 331 | unsigned int path_len, long mode); 332 | #define libssh2_sftp_mkdir(sftp, path, mode) \ 333 | libssh2_sftp_mkdir_ex((sftp), (path), (unsigned int)strlen(path), (mode)) 334 | 335 | LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, 336 | const char *path, 337 | unsigned int path_len); 338 | #define libssh2_sftp_rmdir(sftp, path) \ 339 | libssh2_sftp_rmdir_ex((sftp), (path), (unsigned int)strlen(path)) 340 | 341 | LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, 342 | const char *path, 343 | unsigned int path_len, 344 | int stat_type, 345 | LIBSSH2_SFTP_ATTRIBUTES *attrs); 346 | #define libssh2_sftp_stat(sftp, path, attrs) \ 347 | libssh2_sftp_stat_ex((sftp), (path), (unsigned int)strlen(path), \ 348 | LIBSSH2_SFTP_STAT, (attrs)) 349 | #define libssh2_sftp_lstat(sftp, path, attrs) \ 350 | libssh2_sftp_stat_ex((sftp), (path), (unsigned int)strlen(path), \ 351 | LIBSSH2_SFTP_LSTAT, (attrs)) 352 | #define libssh2_sftp_setstat(sftp, path, attrs) \ 353 | libssh2_sftp_stat_ex((sftp), (path), (unsigned int)strlen(path), \ 354 | LIBSSH2_SFTP_SETSTAT, (attrs)) 355 | 356 | LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, 357 | const char *path, 358 | unsigned int path_len, 359 | char *target, 360 | unsigned int target_len, 361 | int link_type); 362 | #define libssh2_sftp_symlink(sftp, orig, linkpath) \ 363 | libssh2_sftp_symlink_ex((sftp), \ 364 | (orig), (unsigned int)strlen(orig), \ 365 | (linkpath), (unsigned int)strlen(linkpath), \ 366 | LIBSSH2_SFTP_SYMLINK) 367 | #define libssh2_sftp_readlink(sftp, path, target, maxlen) \ 368 | libssh2_sftp_symlink_ex((sftp), \ 369 | (path), (unsigned int)strlen(path), \ 370 | (target), (maxlen), \ 371 | LIBSSH2_SFTP_READLINK) 372 | #define libssh2_sftp_realpath(sftp, path, target, maxlen) \ 373 | libssh2_sftp_symlink_ex((sftp), \ 374 | (path), (unsigned int)strlen(path), \ 375 | (target), (maxlen), \ 376 | LIBSSH2_SFTP_REALPATH) 377 | 378 | #ifdef __cplusplus 379 | } /* extern "C" */ 380 | #endif 381 | 382 | #endif /* LIBSSH2_SFTP_H */ 383 | --------------------------------------------------------------------------------