Subject: Added OS X Native Crypto Support

Added OS X Native Crypto Support

From: Keith Duncan <keith.duncan_at_github.com>
Date: Tue, 2 Dec 2014 15:34:33 +0000

Hello everyone,

Similar to the WinCNG crypto backend I’ve added support for using the OS X native crypto support as a libssh2 crypto backend.

https://github.com/keithduncan/libssh2 <https://github.com/keithduncan/libssh2>

SHA1 and MD5 hashes
HMAC_SHA1 and HMAC_MD5 signatures

It supports both [RSA and DSA](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.h#L39-L40 <https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.h#L39-L40>) asymmetric encryption.

Multiple RSA private key [formats](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L663-L668 <https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L663-L668>)
Multiple DSA private key [formats](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L1000-L1005 <https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L1000-L1005>).

Private -> Public key file [conversion](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L1382 <https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L1382>).

[AES, Blowfish, RC4, CAST, 3DES](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.h#L51-L56 <https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.h#L51-L56>) symmetric encryption.

CCCryptorRef claims to implement AES CTR mode but returns an unimplemented error at runtime.

It looks like Nick Zitzmann also started a similar project in 2012 but discovered that there’s no public BigNum API in OS X http://lists.apple.com/archives/apple-cdsa/2012/Aug/msg00009.html <http://lists.apple.com/archives/apple-cdsa/2012/Aug/msg00009.html>

I ran in to the same issue but went ahead and used the private BigNum API he references. For this reason I’m not sure that this would be a good candidate for submitting upstream. Then again perhaps it could serve as a compelling reason for the API to be made public if it would enable OS X native SSH2 crypto.

I hope this is of interest, let me know if there’s any interest in a patch.

Cheers,
Keith

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2014-12-02