From libssh2-devel-bounces@cool.haxx.se Wed Mar 5 11:54:45 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s25AsHox002264; Wed, 5 Mar 2014 11:54:40 +0100 Received: from ns1.jetlan.com (ns1.jetlan.com [27.112.72.6]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with SMTP id s25AsCc5002201 for ; Wed, 5 Mar 2014 11:54:14 +0100 Received: from ns1.jetlan.com ([fe80::80df:3708:15e8:dcd5]) by ns1.jetlan.com ([fe80::80df:3708:15e8:dcd5%10]) with mapi id 14.03.0174.001; Wed, 5 Mar 2014 21:19:45 +1030 From: Mal To: "libssh2-devel@cool.haxx.se" Subject: ssh to cisco switch Thread-Topic: ssh to cisco switch Thread-Index: Ac84YT7dIWgaq82MSD+2FCoZkf+mgg== Date: Wed, 5 Mar 2014 10:49:44 +0000 Message-ID: <5D9D0076CC00604E800A0F88FCD446AA257D862B@ns1.jetlan.com> Accept-Language: en-AU, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [27.112.72.20] MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0283475669==" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" --===============0283475669== Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_5D9D0076CC00604E800A0F88FCD446AA257D862Bns1jetlancom_" --_000_5D9D0076CC00604E800A0F88FCD446AA257D862Bns1jetlancom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello Just wondering if anyone has coded an example to execute a "show version" (= remote command) for a Cisco switch (or any manageable type device) before. ie, using libssh, connect to a device (via SSH), execute "show version" and= return the output.. Cheers, Mal --_000_5D9D0076CC00604E800A0F88FCD446AA257D862Bns1jetlancom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hello

Just wondering if anyone has coded an example to exe= cute a “show version” (remote command) for a Cisco switch (or a= ny manageable type device) before.

ie, using libssh, connect to a device (via SSH), exe= cute “show version” and return the output..

Cheers,

Mal

--_000_5D9D0076CC00604E800A0F88FCD446AA257D862Bns1jetlancom_-- --===============0283475669== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --===============0283475669==-- From libssh2-devel-bounces@cool.haxx.se Wed Mar 5 15:26:54 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s25EQcpw002697; Wed, 5 Mar 2014 15:26:49 +0100 Received: from foo.stuge.se (qmailr@foo.stuge.se [212.116.89.98]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s25EQa4O002258 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 5 Mar 2014 15:26:36 +0100 Received: (qmail 8665 invoked by uid 501); 5 Mar 2014 14:26:36 -0000 Message-ID: <20140305142636.8664.qmail@stuge.se> Date: Wed, 5 Mar 2014 15:26:36 +0100 From: Peter Stuge To: libssh2-devel@cool.haxx.se Subject: Re: ssh to cisco switch Mail-Followup-To: libssh2-devel@cool.haxx.se References: <5D9D0076CC00604E800A0F88FCD446AA257D862B@ns1.jetlan.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <5D9D0076CC00604E800A0F88FCD446AA257D862B@ns1.jetlan.com> X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Mal wrote: > Just wondering if anyone has coded an example to execute a "show version" > (remote command) for a Cisco switch (or any manageable type device) before. You need to implement a (simple) terminal emulator and use screen-scraping techniques, if your manageable type device doesn't implement a documented protocol which you can use. A random command line interface is not a documented protocol. The task you have in mind is neither fun nor simple. //Peter _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sat Mar 8 14:36:30 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s28DZxNn026234; Sat, 8 Mar 2014 14:36:24 +0100 Received: from bay0-omc4-s5.bay0.hotmail.com (bay0-omc4-s5.bay0.hotmail.com [65.54.190.207]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s28DZvQI026149 for ; Sat, 8 Mar 2014 14:35:58 +0100 Received: from BAY407-EAS225 ([65.54.190.199]) by bay0-omc4-s5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Sat, 8 Mar 2014 05:35:53 -0800 X-TMN: [aYuEs5tI0UAijCc3Puc38LWN7CUaZxIM] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: Subject: SFTP read problems Date: Sat, 8 Mar 2014 08:35:51 -0500 MIME-Version: 1.0 X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQABAgMEFxRXqxn/XYPKtFDrX/SDow== Content-Language: en-us X-OriginalArrivalTime: 08 Mar 2014 13:35:53.0547 (UTC) FILETIME=[53CCB9B0:01CF3AD3] X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" I'm trying to use libssh2 (and openssl) for doing SFTP transfers on Windows platforms (x64 and x86). I got it all compiled (although the x64 compile puts out a lot of warnings - I haven't looked at them all but they seem to be innocuous). I have a problem in doing an SFTP read. I took the code from the examples dir. When doing a read a file that is about 12k, it fails partway through with LIBSSH2_ERROR_SFTP_PROTOCOL. In looking closer, it is at this point in sftp.c: if(rc32 > chunk->len) { /* A chunk larger than we requested was returned to us. This is a protocol violation and we don't know how to deal with it. Bail out! */ return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, "FXP_READ response too big"); } My code requests a block of 4096. It multiplies that by 4 (16,384), then it starts doing packets requesting 2000 characters. After it's done 8 of these, the 'count' goes down to 384, which is what chunk->len is set to above. rc32 is set to 2000 so it fails. I've found if I have the requested buffer at exactly a multiple of 2000, it seems to work, although I'm somewhat nervous about it working for all cases. Is this expected? It is not documented. Thanks, Bob _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sat Mar 8 14:45:14 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s28DjBRi003051; Sat, 8 Mar 2014 14:45:13 +0100 Received: from mx.uxnr.de (mx.uxnr.de [IPv6:2a00:1828:2000:378:2525:0:59ee:542f]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s28DjARE002993 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sat, 8 Mar 2014 14:45:10 +0100 Received: from [10.2.2.10] (MH01.ma01.uxnr.net [10.2.2.10]) by mx.uxnr.de (Postfix) with ESMTPSA id A781E377C17 for ; Sat, 8 Mar 2014 14:45:08 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de A781E377C17 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394286308; bh=OUNIiYbIl7yftk1DRddz0H+hBJ0JWSMf+8QRpMKgoIE=; h=Date:From:To:Subject:References:In-Reply-To:From; b=0R8T5kU74+/YPuod37lkZ7VkKOvC2dNMMNGDXUTAoEmJs0SIYh7OAd+tCOa7biJjz +oDYohBMF4C+ej4i3+bRUFKaALKzzX8jouB1cPzD30iaOxExEv3fNs7OviyZ+DKu/h suQcNOUXbqORW1csHQPN8vvnRj8s5+dJEb5sqKgw= Message-ID: <531B1EDD.4050804@marc-hoersken.de> Date: Sat, 08 Mar 2014 14:45:01 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2-devel@cool.haxx.se Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> In-Reply-To: <52895481.30407@marc-hoersken.de> X-Enigmail-Version: 1.6 X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Hello everyone, what do you think about making some progress regarding the implementation and merge of the Windows Cryptography API: Next Generation backend. On the 19th of January I send the following questions and suggestions to Peter: > Do you have an idea on how to improve pem.c or make it prettier? I think > we could either split the file into smaller chunks or completely remove > the ifdef-logic to always include it's functions with no regards to the > used crypto backend. > > With regards to the remaining buildsystem and makefile updates to > support the new approach to crypto library selection, would you mind > merging the patch I already posted to support building with OpenSSL on > Windows again? What do you think about these? Maybe we can make some progress based upon the patch I send on the 18th of November last year. Thanks in advance and best regards, Marc _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 12 20:42:53 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2CJgRAr029948; Wed, 12 Mar 2014 20:42:49 +0100 Received: from giant.haxx.se (dast@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2CJgPgU029836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 12 Mar 2014 20:42:25 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.14.4/8.14.4/Submit) with ESMTP id s2CJgPDS029833 for ; Wed, 12 Mar 2014 20:42:25 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Wed, 12 Mar 2014 20:42:25 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: SFTP read problems In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" On Sat, 8 Mar 2014, Bob Kast wrote: > When doing a read a file that is about 12k, it fails partway through with > LIBSSH2_ERROR_SFTP_PROTOCOL. In looking closer, it is at this point in > sftp.c: > > if(rc32 > chunk->len) { > /* A chunk larger than we requested was returned to us. > This is a protocol violation and we don't know how to > deal with it. Bail out! */ > return _libssh2_error(session, > LIBSSH2_ERROR_SFTP_PROTOCOL, > "FXP_READ response too big"); > } > > My code requests a block of 4096. It multiplies that by 4 (16,384), then it > starts doing packets requesting 2000 characters. After it's done 8 of these, > the 'count' goes down to 384, which is what chunk->len is set to above. rc32 > is set to 2000 so it fails. I assume you're trying with the latest libssh2 version? > I've found if I have the requested buffer at exactly a multiple of 2000, it > seems to work, although I'm somewhat nervous about it working for all cases. > > Is this expected? It is not documented. It is not expected. The check above is there to detect the error situation when a server returns a bigger chunk than what we asked for. libssh2 splits up data sizes into smaller chunks and ask for them one by one, so chunk->len is supposed to be the size of the chunk it asked for. -- / daniel.haxx.se _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 12 20:44:06 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2CJi4Is003772; Wed, 12 Mar 2014 20:44:06 +0100 Received: from giant.haxx.se (dast@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2CJi375003760 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 12 Mar 2014 20:44:03 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.14.4/8.14.4/Submit) with ESMTP id s2CJi39v003756 for ; Wed, 12 Mar 2014 20:44:03 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Wed, 12 Mar 2014 20:44:03 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend In-Reply-To: <531B1EDD.4050804@marc-hoersken.de> Message-ID: References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de> User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" On Sat, 8 Mar 2014, Marc Hoersken wrote: > what do you think about making some progress regarding the implementation > and merge of the Windows Cryptography API: Next Generation backend. Can you summerize for us what the outstanding issues/patches are? -- / daniel.haxx.se _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 12 22:22:47 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2CLMXeF015768; Wed, 12 Mar 2014 22:22:46 +0100 Received: from mx.uxnr.de (mx.uxnr.de [IPv6:2a00:1828:2000:378:2525:0:59ee:542f]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2CLMV3D015618 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 12 Mar 2014 22:22:31 +0100 Received: from [10.10.0.3] (mh02.marc.uxnr.eu [10.10.0.3]) by mx.uxnr.de (Postfix) with ESMTPSA id 388EB1C5A54A for ; Wed, 12 Mar 2014 22:22:30 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de 388EB1C5A54A DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394659353; bh=qNEiEeI7hxQ+yr7iH58SJwq2CZ0HW+f2rzZ7IdnN1H0=; h=Date:From:To:Subject:References:In-Reply-To:From; b=UttOK5NwdnNgLlKDRKJvbtJW9u2INrW/YK2ZYUr/rb0TocgzN+CXE0NTZVSUBJOjN 7hJ0MknkiEllf6Mc+SCTu2LZPxuxz6fubUQD1Ldfm7wUO35CiJtjop3lccpnjV4CRl x8xzkpGOZkQ2/9o9VC0bv6791wIam+J9J3YO66ZU= Message-ID: <5320D009.2000901@marc-hoersken.de> Date: Wed, 12 Mar 2014 22:22:17 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------060305020901020006070502" X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --------------060305020901020006070502 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 12.03.2014 20:44, Daniel Stenberg wrote: > Can you summerize for us what the outstanding issues/patches are? I think the outstanding issues / possible areas of improvement are: - reducing the ifdef-backend-logic within pem.c, at least that was a suggestion by Peter in his mail from the 13th November: > I think we need to figure something better out here. Is there a reason > not to simply always compile those first few functions in pem.c? - not directly related to the WinCNG backend, but rather Peter's changes to the backend selection logic: fixing the non-autotools based buildsystem to compile again. Attached you will find my previously posted patches for each of these aspects, taken from my previous mails. --------------060305020901020006070502 Content-Type: text/plain; charset=windows-1252; name="0001-Added-Windows-Cryptography-API-Next-Generation-based.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-Added-Windows-Cryptography-API-Next-Generation-based.pa"; filename*1="tch" From b6ebec932b0accd93e5f5a9bc66d18aeb084573a Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Mon, 18 Nov 2013 00:27:01 +0100 Subject: [PATCH] Added Windows Cryptography API: Next Generation based backend --- Makefile.WinCNG.inc | 2 + configure.ac | 34 +- src/Makefile.am | 3 + src/crypto.h | 4 + src/pem.c | 8 +- src/wincng.c | 1782 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/wincng.h | 327 ++++++++++ 7 files changed, 2157 insertions(+), 3 deletions(-) create mode 100644 Makefile.WinCNG.inc create mode 100644 src/wincng.c create mode 100644 src/wincng.h diff --git a/Makefile.WinCNG.inc b/Makefile.WinCNG.inc new file mode 100644 index 0000000..c18350e --- /dev/null +++ b/Makefile.WinCNG.inc @@ -0,0 +1,2 @@ +CRYPTO_CSOURCES = wincng.c +CRYPTO_HHEADERS = wincng.h diff --git a/configure.ac b/configure.ac index b24ace2..ba4dd7a 100644 --- a/configure.ac +++ b/configure.ac @@ -89,6 +89,9 @@ AC_ARG_WITH(openssl, AC_ARG_WITH(libgcrypt, AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]), use_libgcrypt=$withval,use_libgcrypt=auto) +AC_ARG_WITH(wincng, + AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]), + use_wincng=$withval,use_wincng=auto) AC_ARG_WITH(libz, AC_HELP_STRING([--with-libz],[Use zlib for compression]), use_libz=$withval,use_libz=auto) @@ -125,10 +128,37 @@ if test "$ac_cv_libgcrypt" = "yes"; then fi AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes") +# Look for Windows Cryptography API: Next Generation +if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then + AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [ + #include + #include + ]) + AC_LIB_HAVE_LINKFLAGS([crypt32], [], [ + #include + #include + ]) + AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [ + #include + ]) +fi +if test "$ac_cv_libbcrypt" = "yes"; then + AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG]) + LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face. + LIBS="$LIBS -lbcrypt" + if test "$ac_cv_libcrypt32" = "yes"; then + LIBS="$LIBS -lcrypt32" + fi + found_crypto="Windows Cryptography API: Next Generation" +fi +AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes") + +# Check if crypto library was found if test "$found_crypto" = "none"; then AC_MSG_ERROR([No crypto library found! -Try --with-libssl-prefix=PATH\ - or --with-libgcrypt-prefix=PATH\ +Try --with-libssl-prefix=PATH + or --with-libgcrypt-prefix=PATH + or --with-wincng on Windows\ ]) fi diff --git a/src/Makefile.am b/src/Makefile.am index da7beb5..5979a27 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,6 +8,9 @@ endif if LIBGCRYPT include ../Makefile.libgcrypt.inc endif +if WINCNG +include ../Makefile.WinCNG.inc +endif # Makefile.inc provides the CSOURCES and HHEADERS defines include ../Makefile.inc diff --git a/src/crypto.h b/src/crypto.h index 9a052e3..a615bb1 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -46,6 +46,10 @@ #include "libgcrypt.h" #endif +#ifdef LIBSSH2_WINCNG +#include "wincng.h" +#endif + int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, const unsigned char *edata, unsigned long elen, diff --git a/src/pem.c b/src/pem.c index 5749bc8..374870b 100644 --- a/src/pem.c +++ b/src/pem.c @@ -38,7 +38,8 @@ #include "libssh2_priv.h" -#ifdef LIBSSH2_LIBGCRYPT /* compile only if we build with libgcrypt */ +/* compile only if we build with libgcrypt or wincng */ +#if defined(LIBSSH2_LIBGCRYPT) || defined(LIBSSH2_WINCNG) static int readline(char *line, int line_size, FILE * fp) @@ -113,6 +114,11 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session, return ret; } +#endif /* LIBSSH2_LIBGCRYPT or LIBSSH2_WINCNG */ + +/* compile only if we build with libgcrypt */ +#ifdef LIBSSH2_LIBGCRYPT + static int read_asn1_length(const unsigned char *data, unsigned int datalen, unsigned int *len) diff --git a/src/wincng.c b/src/wincng.c new file mode 100644 index 0000000..a475341 --- /dev/null +++ b/src/wincng.c @@ -0,0 +1,1782 @@ +/* + * Copyright (C) 2013 Marc Hoersken + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +#ifdef LIBSSH2_WINCNG /* compile only if we build with wincng */ + +#include + +#ifdef HAVE_STDLIB_H +#include +#endif +#ifdef HAVE_LIBCRYPT32 +#include +#endif + + +/*******************************************************************/ +/* + * Windows CNG backend: Missing definitions (for MinGW[-w64]) + */ +#ifndef BCRYPT_RNG_ALGORITHM +#define BCRYPT_RNG_ALGORITHM L"RNG" +#endif + +#ifndef BCRYPT_MD5_ALGORITHM +#define BCRYPT_MD5_ALGORITHM L"MD5" +#endif + +#ifndef BCRYPT_SHA1_ALGORITHM +#define BCRYPT_SHA1_ALGORITHM L"SHA1" +#endif + +#ifndef BCRYPT_RSA_ALGORITHM +#define BCRYPT_RSA_ALGORITHM L"RSA" +#endif + +#ifndef BCRYPT_DSA_ALGORITHM +#define BCRYPT_DSA_ALGORITHM L"DSA" +#endif + +#ifndef BCRYPT_AES_ALGORITHM +#define BCRYPT_AES_ALGORITHM L"AES" +#endif + +#ifndef BCRYPT_RC4_ALGORITHM +#define BCRYPT_RC4_ALGORITHM L"RC4" +#endif + +#ifndef BCRYPT_3DES_ALGORITHM +#define BCRYPT_3DES_ALGORITHM L"3DES" +#endif + +#ifndef BCRYPT_ALG_HANDLE_HMAC_FLAG +#define BCRYPT_ALG_HANDLE_HMAC_FLAG 0x00000008 +#endif + +#ifndef BCRYPT_DSA_PUBLIC_BLOB +#define BCRYPT_DSA_PUBLIC_BLOB L"DSAPUBLICBLOB" +#endif + +#ifndef BCRYPT_DSA_PUBLIC_MAGIC +#define BCRYPT_DSA_PUBLIC_MAGIC 0x42505344 /* DSPB */ +#endif + +#ifndef BCRYPT_DSA_PRIVATE_BLOB +#define BCRYPT_DSA_PRIVATE_BLOB L"DSAPRIVATEBLOB" +#endif + +#ifndef BCRYPT_DSA_PRIVATE_MAGIC +#define BCRYPT_DSA_PRIVATE_MAGIC 0x56505344 /* DSPV */ +#endif + +#ifndef BCRYPT_RSAPUBLIC_BLOB +#define BCRYPT_RSAPUBLIC_BLOB L"RSAPUBLICBLOB" +#endif + +#ifndef BCRYPT_RSAPUBLIC_MAGIC +#define BCRYPT_RSAPUBLIC_MAGIC 0x31415352 /* RSA1 */ +#endif + +#ifndef BCRYPT_RSAFULLPRIVATE_BLOB +#define BCRYPT_RSAFULLPRIVATE_BLOB L"RSAFULLPRIVATEBLOB" +#endif + +#ifndef BCRYPT_RSAFULLPRIVATE_MAGIC +#define BCRYPT_RSAFULLPRIVATE_MAGIC 0x33415352 /* RSA3 */ +#endif + +#ifndef BCRYPT_KEY_DATA_BLOB +#define BCRYPT_KEY_DATA_BLOB L"KeyDataBlob" +#endif + +#ifndef BCRYPT_MESSAGE_BLOCK_LENGTH +#define BCRYPT_MESSAGE_BLOCK_LENGTH L"MessageBlockLength" +#endif + +#ifndef BCRYPT_NO_KEY_VALIDATION +#define BCRYPT_NO_KEY_VALIDATION 0x00000008 +#endif + +#ifndef BCRYPT_BLOCK_PADDING +#define BCRYPT_BLOCK_PADDING 0x00000001 +#endif + +#ifndef BCRYPT_PAD_NONE +#define BCRYPT_PAD_NONE 0x00000001 +#endif + +#ifndef BCRYPT_PAD_PKCS1 +#define BCRYPT_PAD_PKCS1 0x00000002 +#endif + +#ifndef BCRYPT_PAD_OAEP +#define BCRYPT_PAD_OAEP 0x00000004 +#endif + +#ifndef BCRYPT_PAD_PSS +#define BCRYPT_PAD_PSS 0x00000008 +#endif + +#ifndef CRYPT_STRING_ANY +#define CRYPT_STRING_ANY 0x00000007 +#endif + +#ifndef LEGACY_RSAPRIVATE_BLOB +#define LEGACY_RSAPRIVATE_BLOB L"CAPIPRIVATEBLOB" +#endif + +#ifndef PKCS_RSA_PRIVATE_KEY +#define PKCS_RSA_PRIVATE_KEY (LPCSTR)43 +#endif + + +/*******************************************************************/ +/* + * Windows CNG backend: Generic functions + */ + +void +_libssh2_wincng_init(void) +{ + int ret; + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRNG, + BCRYPT_RNG_ALGORITHM, NULL, 0); + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashMD5, + BCRYPT_MD5_ALGORITHM, NULL, 0); + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA1, + BCRYPT_SHA1_ALGORITHM, NULL, 0); + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacMD5, + BCRYPT_MD5_ALGORITHM, NULL, + BCRYPT_ALG_HANDLE_HMAC_FLAG); + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA1, + BCRYPT_SHA1_ALGORITHM, NULL, + BCRYPT_ALG_HANDLE_HMAC_FLAG); + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRSA, + BCRYPT_RSA_ALGORITHM, NULL, 0); + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgDSA, + BCRYPT_DSA_ALGORITHM, NULL, 0); + + ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgAES_CBC, + BCRYPT_AES_ALGORITHM, NULL, 0); + if (ret == STATUS_SUCCESS) { + ret = BCryptSetProperty(_libssh2_wincng.hAlgAES_CBC, BCRYPT_CHAINING_MODE, + (PBYTE)BCRYPT_CHAIN_MODE_CBC, + sizeof(BCRYPT_CHAIN_MODE_CBC), 0); + if (ret != STATUS_SUCCESS) { + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, 0); + } + } + + ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRC4_NA, + BCRYPT_RC4_ALGORITHM, NULL, 0); + if (ret == STATUS_SUCCESS) { + ret = BCryptSetProperty(_libssh2_wincng.hAlgRC4_NA, BCRYPT_CHAINING_MODE, + (PBYTE)BCRYPT_CHAIN_MODE_NA, + sizeof(BCRYPT_CHAIN_MODE_NA), 0); + if (ret != STATUS_SUCCESS) { + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRC4_NA, 0); + } + } + + ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlg3DES_CBC, + BCRYPT_3DES_ALGORITHM, NULL, 0); + if (ret == STATUS_SUCCESS) { + ret = BCryptSetProperty(_libssh2_wincng.hAlg3DES_CBC, BCRYPT_CHAINING_MODE, + (PBYTE)BCRYPT_CHAIN_MODE_CBC, + sizeof(BCRYPT_CHAIN_MODE_CBC), 0); + if (ret != STATUS_SUCCESS) { + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, 0); + } + } +} + +void +_libssh2_wincng_free(void) +{ + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRNG, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashMD5, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA1, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacMD5, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA1, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRSA, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgDSA, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRC4_NA, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, 0); + + memset(&_libssh2_wincng, 0, sizeof(_libssh2_wincng)); +} + +int +_libssh2_wincng_random(void *buf, int len) +{ + return BCryptGenRandom(_libssh2_wincng.hAlgRNG, buf, len, 0) + == STATUS_SUCCESS ? 0 : -1; +} + + +/*******************************************************************/ +/* + * Windows CNG backend: Hash functions + */ + +int +_libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx, + BCRYPT_ALG_HANDLE hAlg, unsigned long hashlen, + unsigned char *key, unsigned long keylen) +{ + BCRYPT_HASH_HANDLE hHash; + unsigned char *pbHashObject; + unsigned long dwHashObject, dwHash, cbData; + int ret; + + ret = BCryptGetProperty(hAlg, BCRYPT_HASH_LENGTH, + (unsigned char *)&dwHash, + sizeof(dwHash), + &cbData, 0); + if (ret != STATUS_SUCCESS || dwHash != hashlen) { + return -1; + } + + ret = BCryptGetProperty(hAlg, BCRYPT_OBJECT_LENGTH, + (unsigned char *)&dwHashObject, + sizeof(dwHashObject), + &cbData, 0); + if (ret != STATUS_SUCCESS) { + return -1; + } + + pbHashObject = malloc(dwHashObject); + if (!pbHashObject) { + return -1; + } + + + ret = BCryptCreateHash(hAlg, &hHash, + pbHashObject, dwHashObject, + key, keylen, 0); + if (ret != STATUS_SUCCESS) { + free(pbHashObject); + return -1; + } + + + ctx->hHash = hHash; + ctx->pbHashObject = pbHashObject; + ctx->dwHashObject = dwHashObject; + ctx->cbHash = dwHash; + + return 0; +} + +int +_libssh2_wincng_hash_update(_libssh2_wincng_hash_ctx *ctx, + unsigned char *data, unsigned long datalen) +{ + return BCryptHashData(ctx->hHash, data, datalen, 0) + == STATUS_SUCCESS ? 0 : -1; +} + +int +_libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx, + unsigned char *hash) +{ + int ret; + + ret = BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0); + + BCryptDestroyHash(ctx->hHash); + + if (ctx->pbHashObject) + free(ctx->pbHashObject); + + memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx)); + + return ret; +} + +int +_libssh2_wincng_hash(unsigned char *data, unsigned long datalen, + BCRYPT_ALG_HANDLE hAlg, + unsigned char *hash, unsigned long hashlen) +{ + _libssh2_wincng_hash_ctx ctx; + + if (!_libssh2_wincng_hash_init(&ctx, hAlg, hashlen, NULL, 0)) { + if (!_libssh2_wincng_hash_update(&ctx, data, datalen)) { + if (!_libssh2_wincng_hash_final(&ctx, hash)) { + return 0; + } + } + } + + return -1; +} + + +/*******************************************************************/ +/* + * Windows CNG backend: HMAC functions + */ + +int +_libssh2_wincng_hmac_final(_libssh2_wincng_hash_ctx *ctx, + unsigned char *hash) +{ + return BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0) + == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx) +{ + BCryptDestroyHash(ctx->hHash); + + if (ctx->pbHashObject) + free(ctx->pbHashObject); + + memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx)); +} + + +/*******************************************************************/ +/* + * Windows CNG backend: Key functions + */ + +int +_libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len, + unsigned long flags) +{ + BCRYPT_PKCS1_PADDING_INFO paddingInfoPKCS1; + void *pPaddingInfo; + unsigned char *data, *hash; + unsigned long datalen, hashlen; + int ret; + + datalen = m_len; + data = malloc(datalen); + if (!data) { + return -1; + } + + hashlen = SHA_DIGEST_LENGTH; + hash = malloc(hashlen); + if (!hash) { + free(data); + return -1; + } + + memcpy(data, m, datalen); + + ret = _libssh2_wincng_hash(data, datalen, + _libssh2_wincng.hAlgHashSHA1, + hash, hashlen); + + free(data); + + if (ret) { + free(hash); + return -1; + } + + datalen = sig_len; + data = malloc(datalen); + if (!data) { + free(hash); + return -1; + } + + if (flags & BCRYPT_PAD_PKCS1) { + paddingInfoPKCS1.pszAlgId = BCRYPT_SHA1_ALGORITHM; + pPaddingInfo = &paddingInfoPKCS1; + } + + memcpy(data, sig, datalen); + + ret = BCryptVerifySignature(ctx->hKey, pPaddingInfo, + hash, hashlen, data, datalen, flags); + + free(hash); + free(data); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +#ifdef HAVE_LIBCRYPT32 +static int +_libssh2_wincng_load_pem(LIBSSH2_SESSION *session, + const char *filename, + const char *passphrase, + const char *headerbegin, + const char *headerend, + unsigned char **data, + unsigned int *datalen) +{ + FILE *fp; + int ret; + + (void)passphrase; + + fp = fopen(filename, "r"); + if (!fp) { + return -1; + } + + ret = _libssh2_pem_parse(session, headerbegin, headerend, + fp, data, datalen); + + fclose(fp); + + return ret; +} + +static int +_libssh2_wincng_load_private(LIBSSH2_SESSION *session, + const char *filename, + const char *passphrase, + unsigned char **ppbEncoded, + unsigned long *pcbEncoded) +{ + unsigned char *data; + int ret, datalen; + + ret = _libssh2_wincng_load_pem(session, filename, passphrase, + "-----BEGIN RSA PRIVATE KEY-----", + "-----END RSA PRIVATE KEY-----", + &data, &datalen); + + if (ret) { + ret = _libssh2_wincng_load_pem(session, filename, passphrase, + "-----BEGIN DSA PRIVATE KEY-----", + "-----END DSA PRIVATE KEY-----", + &data, &datalen); + } + + if (!ret) { + *ppbEncoded = data; + *pcbEncoded = datalen; + } + + return ret; +} + +static int +_libssh2_wincng_asn_decode(unsigned char *pbEncoded, + unsigned long cbEncoded, + LPCSTR lpszStructType, + unsigned char **ppbDecoded, + unsigned long *pcbDecoded) +{ + unsigned char *pbDecoded; + unsigned long cbDecoded; + int ret; + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + lpszStructType, + pbEncoded, cbEncoded, 0, NULL, + NULL, &cbDecoded); + if (!ret) { + return -1; + } + + pbDecoded = malloc(cbDecoded); + if (!pbDecoded) { + return -1; + } + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + lpszStructType, + pbEncoded, cbEncoded, 0, NULL, + pbDecoded, &cbDecoded); + if (!ret) { + free(pbDecoded); + return -1; + } + + + *ppbDecoded = pbDecoded; + *pcbDecoded = cbDecoded; + + return 0; +} + +static int +_libssh2_wincng_bn_ltob(unsigned char *pbInput, + unsigned long cbInput, + unsigned char **ppbOutput, + unsigned long *pcbOutput) +{ + unsigned char *pbOutput; + unsigned long cbOutput, index, offset, length; + + if (cbInput < 1) { + return 0; + } + + offset = 0; + length = cbInput - 1; + cbOutput = cbInput; + if (pbInput[length] & (1 << 7)) { + offset++; + cbOutput++; + } + + pbOutput = malloc(cbOutput); + if (!pbOutput) { + return -1; + } + + pbOutput[0] = 0; + for (index = 0; index < cbInput; index++) { + pbOutput[index + offset] = pbInput[length - index]; + } + + + *ppbOutput = pbOutput; + *pcbOutput = cbOutput; + + return 0; +} + +static int +_libssh2_wincng_asn_decode_bn(unsigned char *pbEncoded, + unsigned long cbEncoded, + unsigned char **ppbDecoded, + unsigned long *pcbDecoded) +{ + unsigned char *pbDecoded, *pbInteger; + unsigned long cbDecoded, cbInteger; + int ret; + + ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded, + X509_MULTI_BYTE_UINT, + &pbInteger, &cbInteger); + if (!ret) { + ret = _libssh2_wincng_bn_ltob(((PCRYPT_DATA_BLOB)pbInteger)->pbData, + ((PCRYPT_DATA_BLOB)pbInteger)->cbData, + &pbDecoded, &cbDecoded); + if (!ret) { + *ppbDecoded = pbDecoded; + *pcbDecoded = cbDecoded; + } + free(pbInteger); + } + + return ret; +} + +static int +_libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded, + unsigned long cbEncoded, + unsigned char ***prpbDecoded, + unsigned long **prcbDecoded, + unsigned long *pcbCount) +{ + PCRYPT_DER_BLOB pBlob; + unsigned char *pbDecoded, **rpbDecoded; + unsigned long cbDecoded, *rcbDecoded, index, length; + int ret; + + ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded, + X509_SEQUENCE_OF_ANY, + &pbDecoded, &cbDecoded); + if (!ret) { + length = ((PCRYPT_DATA_BLOB)pbDecoded)->cbData; + + rpbDecoded = malloc(sizeof(PBYTE) * length); + if (rpbDecoded) { + rcbDecoded = malloc(sizeof(DWORD) * length); + if (rcbDecoded) { + for (index = 0; index < length; index++) { + pBlob = &((PCRYPT_DER_BLOB) + ((PCRYPT_DATA_BLOB)pbDecoded)->pbData)[index]; + ret = _libssh2_wincng_asn_decode_bn(pBlob->pbData, + pBlob->cbData, + &rpbDecoded[index], + &rcbDecoded[index]); + if (ret) + break; + } + + if (ret) { + for (length = 0; length < index; length++) { + if (rpbDecoded[length]) { + free(rpbDecoded[length]); + rpbDecoded[length] = NULL; + } + } + } else { + *prpbDecoded = rpbDecoded; + *prcbDecoded = rcbDecoded; + *pcbCount = length; + } + } else { + free(rpbDecoded); + ret = -1; + } + + } else { + ret = -1; + } + + free(pbDecoded); + } + + return ret; +} +#endif /* HAVE_LIBCRYPT32 */ + +static unsigned long +_libssh2_wincng_bn_size(const unsigned char *bignum, + unsigned long length) +{ + unsigned long offset; + + if (!bignum) + return 0; + + length--; + + offset = 0; + while (!(*(bignum + offset)) && (offset < length)) + offset++; + + length++; + + return length - offset; +} + + +/*******************************************************************/ +/* + * Windows CNG backend: RSA functions + */ + +int +_libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen, + const unsigned char *ddata, + unsigned long dlen, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *e1data, + unsigned long e1len, + const unsigned char *e2data, + unsigned long e2len, + const unsigned char *coeffdata, + unsigned long coefflen) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_RSAKEY_BLOB *rsakey; + LPCWSTR lpszBlobType; + unsigned char *key; + unsigned long keylen, offset, mlen, p1len, p2len; + int ret; + + mlen = max(_libssh2_wincng_bn_size(ndata, nlen), + _libssh2_wincng_bn_size(ddata, dlen)); + offset = sizeof(BCRYPT_RSAKEY_BLOB); + keylen = offset + elen + mlen; + if (ddata && dlen > 0) { + p1len = max(_libssh2_wincng_bn_size(pdata, plen), + _libssh2_wincng_bn_size(e1data, e1len)); + p2len = max(_libssh2_wincng_bn_size(qdata, qlen), + _libssh2_wincng_bn_size(e2data, e2len)); + keylen += p1len * 3 + p2len * 2 + mlen; + } + + key = malloc(keylen); + if (!key) { + return -1; + } + + memset(key, 0, keylen); + + + /* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */ + rsakey = (BCRYPT_RSAKEY_BLOB *)key; + rsakey->BitLength = mlen * 8; + rsakey->cbPublicExp = elen; + rsakey->cbModulus = mlen; + + memcpy(key + offset, edata, elen); + offset += elen; + + if (nlen < mlen) + memcpy(key + offset + mlen - nlen, ndata, nlen); + else + memcpy(key + offset, ndata + nlen - mlen, mlen); + + if (ddata && dlen > 0) { + offset += mlen; + + if (plen < p1len) + memcpy(key + offset + p1len - plen, pdata, plen); + else + memcpy(key + offset, pdata + plen - p1len, p1len); + offset += p1len; + + if (qlen < p2len) + memcpy(key + offset + p2len - qlen, qdata, qlen); + else + memcpy(key + offset, qdata + qlen - p2len, p2len); + offset += p2len; + + if (e1len < p1len) + memcpy(key + offset + p1len - e1len, e1data, e1len); + else + memcpy(key + offset, e1data + e1len - p1len, p1len); + offset += p1len; + + if (e2len < p2len) + memcpy(key + offset + p2len - e2len, e2data, e2len); + else + memcpy(key + offset, e2data + e2len - p2len, p2len); + offset += p2len; + + if (coefflen < p1len) + memcpy(key + offset + p1len - coefflen, coeffdata, coefflen); + else + memcpy(key + offset, coeffdata + coefflen - p1len, p1len); + offset += p1len; + + if (dlen < mlen) + memcpy(key + offset + mlen - dlen, ddata, dlen); + else + memcpy(key + offset, ddata + dlen - mlen, mlen); + + lpszBlobType = BCRYPT_RSAFULLPRIVATE_BLOB; + rsakey->Magic = BCRYPT_RSAFULLPRIVATE_MAGIC; + rsakey->cbPrime1 = p1len; + rsakey->cbPrime2 = p2len; + } else { + lpszBlobType = BCRYPT_RSAPUBLIC_BLOB; + rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; + rsakey->cbPrime1 = 0; + rsakey->cbPrime2 = 0; + } + + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, lpszBlobType, + &hKey, key, keylen, 0); + if (ret != STATUS_SUCCESS) { + free(key); + return -1; + } + + + *rsa = malloc(sizeof(libssh2_rsa_ctx)); + if (!(*rsa)) { + BCryptDestroyKey(hKey); + free(key); + return -1; + } + + (*rsa)->hKey = hKey; + (*rsa)->pbKeyObject = key; + (*rsa)->cbKeyObject = keylen; + + return 0; +} + +int +_libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa, + LIBSSH2_SESSION *session, + const char *filename, + const unsigned char *passphrase) +{ +#ifdef HAVE_LIBCRYPT32 + BCRYPT_KEY_HANDLE hKey; + unsigned char *pbEncoded, *pbStructInfo; + unsigned long cbEncoded, cbStructInfo; + int ret; + + (void)session; + + ret = _libssh2_wincng_load_private(session, filename, + (const char *)passphrase, + &pbEncoded, &cbEncoded); + if (ret) { + return -1; + } + + ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded, + PKCS_RSA_PRIVATE_KEY, + &pbStructInfo, &cbStructInfo); + + free(pbEncoded); + + if (ret) { + return -1; + } + + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, + LEGACY_RSAPRIVATE_BLOB, &hKey, + pbStructInfo, cbStructInfo, 0); + if (ret != STATUS_SUCCESS) { + free(pbStructInfo); + return -1; + } + + + *rsa = malloc(sizeof(libssh2_rsa_ctx)); + if (!(*rsa)) { + BCryptDestroyKey(hKey); + free(pbStructInfo); + return -1; + } + + (*rsa)->hKey = hKey; + (*rsa)->pbKeyObject = pbStructInfo; + (*rsa)->cbKeyObject = cbStructInfo; + + return 0; +#else + (void)rsa; + (void)filename; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to load RSA key from private key file: " + "Method unsupported in Windows CNG backend"); +#endif /* HAVE_LIBCRYPT32 */ +} + +int +_libssh2_wincng_rsa_sha1_verify(libssh2_rsa_ctx *rsa, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len) +{ + return _libssh2_wincng_key_sha1_verify(rsa, sig, sig_len, m, m_len, + BCRYPT_PAD_PKCS1); +} + +int +_libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session, + libssh2_rsa_ctx *rsa, + const unsigned char *hash, + size_t hash_len, + unsigned char **signature, + size_t *signature_len) +{ + BCRYPT_PKCS1_PADDING_INFO paddingInfo; + unsigned char *data, *sig; + unsigned long cbData, datalen, siglen; + int ret; + + datalen = hash_len; + data = malloc(datalen); + if (!data) { + return -1; + } + + paddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM; + + memcpy(data, hash, datalen); + + ret = BCryptSignHash(rsa->hKey, &paddingInfo, + data, datalen, NULL, 0, + &cbData, BCRYPT_PAD_PKCS1); + if (ret == STATUS_SUCCESS) { + siglen = cbData; + sig = LIBSSH2_ALLOC(session, siglen); + if (sig) { + ret = BCryptSignHash(rsa->hKey, &paddingInfo, + data, datalen, sig, siglen, + &cbData, BCRYPT_PAD_PKCS1); + if (ret == STATUS_SUCCESS) { + *signature_len = siglen; + *signature = sig; + } else { + LIBSSH2_FREE(session, sig); + } + } else + ret = STATUS_NO_MEMORY; + } + + free(data); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa) +{ + if (!rsa) + return; + + BCryptDestroyKey(rsa->hKey); + + if (rsa->pbKeyObject) + free(rsa->pbKeyObject); + + memset(rsa, 0, sizeof(libssh2_rsa_ctx)); + free(rsa); +} + + +/*******************************************************************/ +/* + * Windows CNG backend: DSA functions + */ + +#if LIBSSH2_DSA +int +_libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen, + const unsigned char *xdata, + unsigned long xlen) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_DSA_KEY_BLOB *dsakey; + LPCWSTR lpszBlobType; + unsigned char *key; + unsigned long keylen, offset, length; + int ret; + + length = max(max(_libssh2_wincng_bn_size(pdata, plen), + _libssh2_wincng_bn_size(gdata, glen)), + _libssh2_wincng_bn_size(ydata, ylen)); + offset = sizeof(BCRYPT_DSA_KEY_BLOB); + keylen = offset + length * 3; + if (xdata && xlen > 0) + keylen += 20; + + key = malloc(keylen); + if (!key) { + return -1; + } + + memset(key, 0, keylen); + + + /* http://msdn.microsoft.com/library/windows/desktop/aa833126.aspx */ + dsakey = (BCRYPT_DSA_KEY_BLOB *)key; + dsakey->cbKey = length; + + memset(dsakey->Count, -1, sizeof(dsakey->Count)); + memset(dsakey->Seed, -1, sizeof(dsakey->Seed)); + + if (qlen < 20) + memcpy(dsakey->q + 20 - qlen, qdata, qlen); + else + memcpy(dsakey->q, qdata + qlen - 20, 20); + + if (plen < length) + memcpy(key + offset + length - plen, pdata, plen); + else + memcpy(key + offset, pdata + plen - length, length); + offset += length; + + if (glen < length) + memcpy(key + offset + length - glen, gdata, glen); + else + memcpy(key + offset, gdata + glen - length, length); + offset += length; + + if (ylen < length) + memcpy(key + offset + length - ylen, ydata, ylen); + else + memcpy(key + offset, ydata + ylen - length, length); + + if (xdata && xlen > 0) { + offset += length; + + if (xlen < 20) + memcpy(key + offset + 20 - xlen, xdata, xlen); + else + memcpy(key + offset, xdata + xlen - 20, 20); + + lpszBlobType = BCRYPT_DSA_PRIVATE_BLOB; + dsakey->dwMagic = BCRYPT_DSA_PRIVATE_MAGIC; + } else { + lpszBlobType = BCRYPT_DSA_PUBLIC_BLOB; + dsakey->dwMagic = BCRYPT_DSA_PUBLIC_MAGIC; + } + + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgDSA, NULL, lpszBlobType, + &hKey, key, keylen, 0); + if (ret != STATUS_SUCCESS) { + free(key); + return -1; + } + + + *dsa = malloc(sizeof(libssh2_dsa_ctx)); + if (!(*dsa)) { + BCryptDestroyKey(hKey); + free(key); + return -1; + } + + (*dsa)->hKey = hKey; + (*dsa)->pbKeyObject = key; + (*dsa)->cbKeyObject = keylen; + + return 0; +} + +int +_libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa, + LIBSSH2_SESSION *session, + const char *filename, + const unsigned char *passphrase) +{ +#ifdef HAVE_LIBCRYPT32 + unsigned char *pbEncoded, **rpbDecoded; + unsigned long cbEncoded, *rcbDecoded, index, length; + int ret; + + (void)session; + + ret = _libssh2_wincng_load_private(session, filename, + (const char *)passphrase, + &pbEncoded, &cbEncoded); + if (ret) { + return -1; + } + + ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded, + &rpbDecoded, &rcbDecoded, &length); + + free(pbEncoded); + + if (ret) { + return -1; + } + + + if (length == 6) { + ret = _libssh2_wincng_dsa_new(dsa, + rpbDecoded[1], rcbDecoded[1], + rpbDecoded[2], rcbDecoded[2], + rpbDecoded[3], rcbDecoded[3], + rpbDecoded[4], rcbDecoded[4], + rpbDecoded[5], rcbDecoded[5]); + } else { + ret = -1; + } + + for (index = 0; index < length; index++) { + if (rpbDecoded[index]) { + free(rpbDecoded[index]); + rpbDecoded[index] = NULL; + } + } + + free(rpbDecoded); + free(rcbDecoded); + + return ret; +#else + (void)dsa; + (void)filename; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to load DSA key from private key file: " + "Method unsupported in Windows CNG backend"); +#endif /* HAVE_LIBCRYPT32 */ +} + +int +_libssh2_wincng_dsa_sha1_verify(libssh2_dsa_ctx *dsa, + const unsigned char *sig_fixed, + const unsigned char *m, + unsigned long m_len) +{ + return _libssh2_wincng_key_sha1_verify(dsa, sig_fixed, 40, m, m_len, 0); +} + +int +_libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa, + const unsigned char *hash, + unsigned long hash_len, + unsigned char *sig_fixed) +{ + unsigned char *data, *sig; + unsigned long cbData, datalen, siglen; + int ret; + + datalen = hash_len; + data = malloc(datalen); + if (!data) { + return -1; + } + + memcpy(data, hash, datalen); + + ret = BCryptSignHash(dsa->hKey, NULL, data, datalen, + NULL, 0, &cbData, 0); + if (ret == STATUS_SUCCESS) { + siglen = cbData; + if (siglen == 40) { + sig = malloc(siglen); + if (sig) { + ret = BCryptSignHash(dsa->hKey, NULL, data, datalen, + sig, siglen, &cbData, 0); + if (ret == STATUS_SUCCESS) { + memcpy(sig_fixed, sig, siglen); + } + + free(sig); + } else + ret = STATUS_NO_MEMORY; + } else + ret = STATUS_NO_MEMORY; + } + + free(data); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa) +{ + if (!dsa) + return; + + BCryptDestroyKey(dsa->hKey); + + if (dsa->pbKeyObject) + free(dsa->pbKeyObject); + + memset(dsa, 0, sizeof(libssh2_dsa_ctx)); + free(dsa); +} +#endif + + +/*******************************************************************/ +/* + * Windows CNG backend: Key functions + */ + +static unsigned long +_libssh2_wincng_pub_priv_write(unsigned char *key, + unsigned long offset, + const unsigned char *bignum, + const unsigned long length) +{ + _libssh2_htonu32(key + offset, length); + offset += 4; + + memcpy(key + offset, bignum, length); + offset += length; + + return offset; +} + +int +_libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session, + unsigned char **method, + size_t *method_len, + unsigned char **pubkeydata, + size_t *pubkeydata_len, + const char *privatekey, + const char *passphrase) +{ +#ifdef HAVE_LIBCRYPT32 + unsigned char *pbEncoded, **rpbDecoded; + unsigned long cbEncoded, *rcbDecoded; + unsigned char *key, *mth; + unsigned long keylen, mthlen, index, offset, length; + int ret; + + ret = _libssh2_wincng_load_private(session, privatekey, passphrase, + &pbEncoded, &cbEncoded); + if (ret) { + return -1; + } + + ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded, + &rpbDecoded, &rcbDecoded, &length); + + free(pbEncoded); + + if (ret) { + return -1; + } + + + if (length == 9) { /* private RSA key */ + mthlen = 7; + mth = LIBSSH2_ALLOC(session, mthlen); + if (mth) { + memcpy(mth, "ssh-rsa", mthlen); + } else { + ret = -1; + } + + + keylen = 4 + mthlen + 4 + rcbDecoded[2] + 4 + rcbDecoded[1]; + key = LIBSSH2_ALLOC(session, keylen); + if (key) { + offset = _libssh2_wincng_pub_priv_write(key, 0, mth, mthlen); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[2], + rcbDecoded[2]); + + _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[1], + rcbDecoded[1]); + } else { + ret = -1; + } + + } else if (length == 6) { /* private DSA key */ + mthlen = 7; + mth = LIBSSH2_ALLOC(session, mthlen); + if (mth) { + memcpy(mth, "ssh-dss", mthlen); + } else { + ret = -1; + } + + keylen = 4 + mthlen + 4 + rcbDecoded[1] + 4 + rcbDecoded[2] + + 4 + rcbDecoded[3] + 4 + rcbDecoded[4]; + key = LIBSSH2_ALLOC(session, keylen); + if (key) { + offset = _libssh2_wincng_pub_priv_write(key, 0, mth, mthlen); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[1], + rcbDecoded[1]); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[2], + rcbDecoded[2]); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[3], + rcbDecoded[3]); + + _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[4], + rcbDecoded[4]); + } else { + ret = -1; + } + + } else { + ret = -1; + } + + + for (index = 0; index < length; index++) { + if (rpbDecoded[index]) { + free(rpbDecoded[index]); + rpbDecoded[index] = NULL; + } + } + + free(rpbDecoded); + free(rcbDecoded); + + + if (ret) { + if (mth) + LIBSSH2_FREE(session, mth); + if (key) + LIBSSH2_FREE(session, key); + } else { + *method = mth; + *method_len = mthlen; + *pubkeydata = key; + *pubkeydata_len = keylen; + } + + return ret; +#else + (void)method; + (void)method_len; + (void)pubkeydata; + (void)pubkeydata_len; + (void)privatekey; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to load public key from private key file: " + "Method unsupported in Windows CNG backend"); +#endif /* HAVE_LIBCRYPT32 */ +} + + +/*******************************************************************/ +/* + * Windows CNG backend: Cipher functions + */ + +int +_libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx, + _libssh2_cipher_type(type), + unsigned char *iv, + unsigned char *secret, + int encrypt) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_KEY_DATA_BLOB_HEADER *header; + unsigned char *pbKeyObject, *pbIV, *key; + unsigned long dwKeyObject, dwIV, dwBlockLength, cbData, keylen; + int ret; + + (void)encrypt; + + ret = BCryptGetProperty(*type.phAlg, BCRYPT_OBJECT_LENGTH, + (unsigned char *)&dwKeyObject, + sizeof(dwKeyObject), + &cbData, 0); + if (ret != STATUS_SUCCESS) { + return -1; + } + + ret = BCryptGetProperty(*type.phAlg, BCRYPT_BLOCK_LENGTH, + (unsigned char *)&dwBlockLength, + sizeof(dwBlockLength), + &cbData, 0); + if (ret != STATUS_SUCCESS) { + return -1; + } + + pbKeyObject = malloc(dwKeyObject); + if (!pbKeyObject) { + return -1; + } + + + keylen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + type.dwKeyLength; + key = malloc(keylen); + if (!key) { + free(pbKeyObject); + return -1; + } + + + header = (BCRYPT_KEY_DATA_BLOB_HEADER *)key; + header->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + header->cbKeyData = type.dwKeyLength; + + memcpy(key + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + secret, type.dwKeyLength); + + ret = BCryptImportKey(*type.phAlg, NULL, BCRYPT_KEY_DATA_BLOB, &hKey, + pbKeyObject, dwKeyObject, key, keylen, 0); + + free(key); + + if (ret != STATUS_SUCCESS) { + free(pbKeyObject); + return -1; + } + + if (type.dwUseIV) { + pbIV = malloc(dwBlockLength); + if (!pbIV) { + BCryptDestroyKey(hKey); + free(pbKeyObject); + return -1; + } + dwIV = dwBlockLength; + memcpy(pbIV, iv, dwIV); + } else { + pbIV = NULL; + dwIV = 0; + } + + + ctx->hKey = hKey; + ctx->pbKeyObject = pbKeyObject; + ctx->pbIV = pbIV; + ctx->dwKeyObject = dwKeyObject; + ctx->dwIV = dwIV; + ctx->dwBlockLength = dwBlockLength; + + return 0; +} + +int +_libssh2_wincng_cipher_crypt(_libssh2_cipher_ctx *ctx, + _libssh2_cipher_type(type), + int encrypt, + unsigned char *block, + size_t blocklen) +{ + unsigned char *pbOutput; + unsigned long cbOutput; + int ret; + + (void)type; + + if (encrypt) { + ret = BCryptEncrypt(ctx->hKey, block, blocklen, NULL, + ctx->pbIV, ctx->dwIV, NULL, 0, &cbOutput, 0); + } else { + ret = BCryptDecrypt(ctx->hKey, block, blocklen, NULL, + ctx->pbIV, ctx->dwIV, NULL, 0, &cbOutput, 0); + } + if (ret == STATUS_SUCCESS) { + pbOutput = malloc(cbOutput); + if (pbOutput) { + if (encrypt) { + ret = BCryptEncrypt(ctx->hKey, block, blocklen, NULL, + ctx->pbIV, ctx->dwIV, + pbOutput, cbOutput, &cbOutput, 0); + } else { + ret = BCryptDecrypt(ctx->hKey, block, blocklen, NULL, + ctx->pbIV, ctx->dwIV, + pbOutput, cbOutput, &cbOutput, 0); + } + if (ret == STATUS_SUCCESS) { + memcpy(block, pbOutput, cbOutput); + } + + free(pbOutput); + } else + ret = STATUS_NO_MEMORY; + } + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx) +{ + BCryptDestroyKey(ctx->hKey); + + if (ctx->pbKeyObject) { + free(ctx->pbKeyObject); + ctx->pbKeyObject = NULL; + } + + memset(ctx, 0, sizeof(_libssh2_cipher_ctx)); +} + + +/*******************************************************************/ +/* + * Windows CNG backend: BigNumber functions + */ + +_libssh2_bn * +_libssh2_wincng_bignum_init(void) +{ + _libssh2_bn *bignum; + + bignum = malloc(sizeof(_libssh2_bn)); + bignum->bignum = NULL; + bignum->length = 0; + + return bignum; +} + +static int +_libssh2_wincng_bignum_resize(_libssh2_bn *bn, unsigned long length) +{ + unsigned char *bignum; + + if (!bn) + return -1; + + if (length == bn->length) + return 0; + + bignum = realloc(bn->bignum, length); + if (!bignum) + return -1; + + bn->bignum = bignum; + bn->length = length; + + return 0; +} + +int +_libssh2_wincng_bignum_rand(_libssh2_bn *rnd, int bits, int top, int bottom) +{ + unsigned char *bignum; + unsigned long length; + + if (!rnd) + return -1; + + length = ceil((float)bits / 8) * sizeof(unsigned char); + if (_libssh2_wincng_bignum_resize(rnd, length)) + return -1; + + bignum = rnd->bignum; + + if (_libssh2_wincng_random(bignum, length)) + return -1; + + /* calculate significant bits in most significant byte */ + bits %= 8; + + /* fill most significant byte with zero padding */ + bignum[0] &= (1 << (8 - bits)) - 1; + + /* set some special last bits in most significant byte */ + if (top == 0) + bignum[0] |= (1 << (7 - bits)); + else if (top == 1) + bignum[0] |= (3 << (6 - bits)); + + /* make odd by setting first bit in least significant byte */ + if (bottom) + bignum[length - 1] |= 1; + + return 0; +} + +int +_libssh2_wincng_bignum_mod_exp(_libssh2_bn *r, + _libssh2_bn *a, + _libssh2_bn *p, + _libssh2_bn *m, + _libssh2_bn_ctx *bnctx) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_RSAKEY_BLOB *rsakey; + unsigned char *key, *bignum; + unsigned long keylen, offset, length; + int ret; + + (void)bnctx; + + if (!r || !a || !p || !m) + return -1; + + offset = sizeof(BCRYPT_RSAKEY_BLOB); + keylen = offset + p->length + m->length; + + key = malloc(keylen); + if (!key) + return -1; + + + /* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */ + rsakey = (BCRYPT_RSAKEY_BLOB *)key; + rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; + rsakey->BitLength = m->length * 8; + rsakey->cbPublicExp = p->length; + rsakey->cbModulus = m->length; + rsakey->cbPrime1 = 0; + rsakey->cbPrime2 = 0; + + memcpy(key + offset, p->bignum, p->length); + offset += p->length; + + memcpy(key + offset, m->bignum, m->length); + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, + BCRYPT_RSAPUBLIC_BLOB, &hKey, key, keylen, + BCRYPT_NO_KEY_VALIDATION); + + if (ret == STATUS_SUCCESS) { + ret = BCryptEncrypt(hKey, a->bignum, a->length, NULL, NULL, 0, + NULL, 0, &length, BCRYPT_PAD_NONE); + if (ret == STATUS_SUCCESS) { + if (!_libssh2_wincng_bignum_resize(r, length)) { + length = max(a->length, length); + bignum = malloc(length); + if (bignum) { + offset = length - a->length; + memset(bignum, 0, offset); + memcpy(bignum + offset, a->bignum, a->length); + + ret = BCryptEncrypt(hKey, bignum, length, NULL, NULL, 0, + r->bignum, r->length, &offset, + BCRYPT_PAD_NONE); + + free(bignum); + + if (ret == STATUS_SUCCESS) { + _libssh2_wincng_bignum_resize(r, offset); + } + } else + ret = STATUS_NO_MEMORY; + } else + ret = STATUS_NO_MEMORY; + } + + BCryptDestroyKey(hKey); + } + + free(key); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +int +_libssh2_wincng_bignum_set_word(_libssh2_bn *bn, unsigned long word) +{ + unsigned long offset, number, bits, length; + + if (!bn) + return -1; + + number = word; + while (number >>= 1) + bits++; + + length = ceil((double)(bits+1) / 8) * sizeof(unsigned char); + if (_libssh2_wincng_bignum_resize(bn, length)) + return -1; + + for (offset = 0; offset < length; offset++) + bn->bignum[offset] = (word >> (offset * 8)) & 0xff; + + return 0; +} + +unsigned long +_libssh2_wincng_bignum_bits(const _libssh2_bn *bn) +{ + unsigned char number; + unsigned long offset, length, bits; + + if (!bn) + return 0; + + length = bn->length - 1; + + offset = 0; + while (!(*(bn->bignum + offset)) && (offset < length)) + offset++; + + bits = (length - offset) * 8; + number = bn->bignum[offset]; + + while (number >>= 1) + bits++; + + bits++; + + return bits; +} + +void +_libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len, + const unsigned char *bin) +{ + unsigned char *bignum; + unsigned long offset, length, bits; + + if (bn && bin && len > 0) { + if (!_libssh2_wincng_bignum_resize(bn, len)) { + memcpy(bn->bignum, bin, len); + + bits = _libssh2_wincng_bignum_bits(bn); + length = ceil((double)bits / 8) * sizeof(unsigned char); + + offset = bn->length - length; + if (offset > 0) { + memmove(bn->bignum, bn->bignum + offset, length); + + bignum = realloc(bn->bignum, length); + if (bignum) { + bn->bignum = bignum; + bn->length = length; + } + } + } + } +} + +void +_libssh2_wincng_bignum_to_bin(const _libssh2_bn *bn, unsigned char *bin) +{ + if (bin && bn && bn->bignum && bn->length > 0) { + memcpy(bin, bn->bignum, bn->length); + } +} + +void +_libssh2_wincng_bignum_free(_libssh2_bn *bn) +{ + if (bn) { + if (bn->bignum) { + free(bn->bignum); + bn->bignum = NULL; + } + bn->length = 0; + free(bn); + } +} + + +/* + * Windows CNG backend: other functions + */ + +void _libssh2_init_aes_ctr(void) +{ + /* no implementation */ + (void)0; +} + +#endif /* LIBSSH2_WINCNG */ diff --git a/src/wincng.h b/src/wincng.h new file mode 100644 index 0000000..a327b55 --- /dev/null +++ b/src/wincng.h @@ -0,0 +1,327 @@ +/* + * Copyright (C) 2013 Marc Hoersken + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#undef _WIN32_WINNT +#define _WIN32_WINNT 0x0600 + +#ifdef HAVE_WINDOWS_H +#include +#endif +#ifdef HAVE_NTDEF_H +#include +#endif +#ifdef HAVE_NTSTATUS_H +#include +#endif + +#include + + +#define LIBSSH2_MD5 1 + +#define LIBSSH2_HMAC_RIPEMD 0 + +#define LIBSSH2_AES 1 +#define LIBSSH2_AES_CTR 0 +#define LIBSSH2_BLOWFISH 0 +#define LIBSSH2_RC4 1 +#define LIBSSH2_CAST 0 +#define LIBSSH2_3DES 1 + +#define LIBSSH2_RSA 1 +#define LIBSSH2_DSA 1 + +#define MD5_DIGEST_LENGTH 16 +#define SHA_DIGEST_LENGTH 20 + + +/*******************************************************************/ +/* + * Windows CNG backend: Global context handles + */ + +struct _libssh2_wincng_ctx { + BCRYPT_ALG_HANDLE hAlgRNG; + BCRYPT_ALG_HANDLE hAlgHashMD5; + BCRYPT_ALG_HANDLE hAlgHashSHA1; + BCRYPT_ALG_HANDLE hAlgHmacMD5; + BCRYPT_ALG_HANDLE hAlgHmacSHA1; + BCRYPT_ALG_HANDLE hAlgRSA; + BCRYPT_ALG_HANDLE hAlgDSA; + BCRYPT_ALG_HANDLE hAlgAES_CBC; + BCRYPT_ALG_HANDLE hAlgRC4_NA; + BCRYPT_ALG_HANDLE hAlg3DES_CBC; +}; + +struct _libssh2_wincng_ctx _libssh2_wincng; + + +/*******************************************************************/ +/* + * Windows CNG backend: Generic functions + */ + +void _libssh2_wincng_init(void); +void _libssh2_wincng_free(void); + +#define libssh2_crypto_init() \ + _libssh2_wincng_init() +#define libssh2_crypto_exit() \ + _libssh2_wincng_free() + +#define _libssh2_random(buf, len) \ + _libssh2_wincng_random(buf, len) + + +/*******************************************************************/ +/* + * Windows CNG backend: Hash structure + */ + +struct _libssh2_wincng_hash_ctx { + BCRYPT_HASH_HANDLE hHash; + unsigned char *pbHashObject; + unsigned long dwHashObject; + unsigned long cbHash; +}; + +#define _libssh2_wincng_hash_ctx struct _libssh2_wincng_hash_ctx + +/* + * Windows CNG backend: Hash functions + */ + +#define libssh2_sha1_ctx _libssh2_wincng_hash_ctx +#define libssh2_sha1_init(ctx) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA1, \ + SHA_DIGEST_LENGTH, NULL, 0) +#define libssh2_sha1_update(ctx, data, datalen) \ + _libssh2_wincng_hash_update(&ctx, data, datalen) +#define libssh2_sha1_final(ctx, hash) \ + _libssh2_wincng_hash_final(&ctx, hash) +#define libssh2_sha1(data, datalen, hash) \ + _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA1, \ + hash, SHA_DIGEST_LENGTH) + +#define libssh2_md5_ctx _libssh2_wincng_hash_ctx +#define libssh2_md5_init(ctx) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashMD5, \ + MD5_DIGEST_LENGTH, NULL, 0) +#define libssh2_md5_update(ctx, data, datalen) \ + _libssh2_wincng_hash_update(&ctx, data, datalen) +#define libssh2_md5_final(ctx, hash) \ + _libssh2_wincng_hash_final(&ctx, hash) +#define libssh2_md5(data, datalen, hash) \ + _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashMD5, \ + hash, MD5_DIGEST_LENGTH) + +/* + * Windows CNG backend: HMAC functions + */ + +#define libssh2_hmac_ctx _libssh2_wincng_hash_ctx +#define libssh2_hmac_sha1_init(ctx, key, keylen) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacSHA1, \ + SHA_DIGEST_LENGTH, key, keylen) +#define libssh2_hmac_md5_init(ctx, key, keylen) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacMD5, \ + MD5_DIGEST_LENGTH, key, keylen) +#define libssh2_hmac_ripemd160_init(ctx, key, keylen) + /* not implemented */ +#define libssh2_hmac_update(ctx, data, datalen) \ + _libssh2_wincng_hash_update(&ctx, data, datalen) +#define libssh2_hmac_final(ctx, hash) \ + _libssh2_wincng_hmac_final(&ctx, hash) +#define libssh2_hmac_cleanup(ctx) \ + _libssh2_wincng_hmac_cleanup(ctx) + + +/*******************************************************************/ +/* + * Windows CNG backend: Key Context structure + */ + +struct _libssh2_wincng_key_ctx { + BCRYPT_KEY_HANDLE hKey; + unsigned char *pbKeyObject; + unsigned long cbKeyObject; +}; + +#define _libssh2_wincng_key_ctx struct _libssh2_wincng_key_ctx + +/* + * Windows CNG backend: RSA functions + */ + +#define libssh2_rsa_ctx _libssh2_wincng_key_ctx +#define _libssh2_rsa_new(rsactx, e, e_len, n, n_len, \ + d, d_len, p, p_len, q, q_len, \ + e1, e1_len, e2, e2_len, c, c_len) \ + _libssh2_wincng_rsa_new(rsactx, e, e_len, n, n_len, \ + d, d_len, p, p_len, q, q_len, \ + e1, e1_len, e2, e2_len, c, c_len) +#define _libssh2_rsa_new_private(rsactx, s, filename, passphrase) \ + _libssh2_wincng_rsa_new_private(rsactx, s, filename, passphrase) +#define _libssh2_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) \ + _libssh2_wincng_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) +#define _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) \ + _libssh2_wincng_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) +#define _libssh2_rsa_free(rsactx) \ + _libssh2_wincng_rsa_free(rsactx) + +/* + * Windows CNG backend: DSA functions + */ + +#define libssh2_dsa_ctx _libssh2_wincng_key_ctx +#define _libssh2_dsa_new(dsactx, p, p_len, q, q_len, \ + g, g_len, y, y_len, x, x_len) \ + _libssh2_wincng_dsa_new(dsactx, p, p_len, q, q_len, \ + g, g_len, y, y_len, x, x_len) +#define _libssh2_dsa_new_private(rsactx, s, filename, passphrase) \ + _libssh2_wincng_dsa_new_private(rsactx, s, filename, passphrase) +#define _libssh2_dsa_sha1_sign(dsactx, hash, hash_len, sig) \ + _libssh2_wincng_dsa_sha1_sign(dsactx, hash, hash_len, sig) +#define _libssh2_dsa_sha1_verify(dsactx, sig, m, m_len) \ + _libssh2_wincng_dsa_sha1_verify(dsactx, sig, m, m_len) +#define _libssh2_dsa_free(dsactx) \ + _libssh2_wincng_dsa_free(dsactx) + +/* + * Windows CNG backend: Key functions + */ + +#define _libssh2_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) \ + _libssh2_wincng_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) + + +/*******************************************************************/ +/* + * Windows CNG backend: Cipher Context structure + */ + +struct _libssh2_wincng_cipher_ctx { + BCRYPT_KEY_HANDLE hKey; + unsigned char *pbKeyObject; + unsigned char *pbIV; + unsigned long dwKeyObject; + unsigned long dwIV; + unsigned long dwBlockLength; +}; + +#define _libssh2_cipher_ctx struct _libssh2_wincng_cipher_ctx + +/* + * Windows CNG backend: Cipher Type structure + */ + +struct _libssh2_wincng_cipher_type { + BCRYPT_ALG_HANDLE *phAlg; + unsigned long dwKeyLength; + unsigned long dwUseIV; +}; + +#define _libssh2_cipher_type(type) struct _libssh2_wincng_cipher_type type + +#define _libssh2_cipher_aes256ctr { NULL, 32, 1 } /* not supported */ +#define _libssh2_cipher_aes192ctr { NULL, 24, 1 } /* not supported */ +#define _libssh2_cipher_aes128ctr { NULL, 16, 1 } /* not supported */ +#define _libssh2_cipher_aes256 { &_libssh2_wincng.hAlgAES_CBC, 32, 1 } +#define _libssh2_cipher_aes192 { &_libssh2_wincng.hAlgAES_CBC, 24, 1 } +#define _libssh2_cipher_aes128 { &_libssh2_wincng.hAlgAES_CBC, 16, 1 } +#define _libssh2_cipher_blowfish { NULL, 16, 0 } /* not supported */ +#define _libssh2_cipher_arcfour { &_libssh2_wincng.hAlgRC4_NA, 16, 0 } +#define _libssh2_cipher_cast5 { NULL, 16, 0 } /* not supported */ +#define _libssh2_cipher_3des { &_libssh2_wincng.hAlg3DES_CBC, 24, 1 } + +/* + * Windows CNG backend: Cipher functions + */ + +#define _libssh2_cipher_init(ctx, type, iv, secret, encrypt) \ + _libssh2_wincng_cipher_init(ctx, type, iv, secret, encrypt) +#define _libssh2_cipher_crypt(ctx, type, encrypt, block, blocklen) \ + _libssh2_wincng_cipher_crypt(ctx, type, encrypt, block, blocklen) +#define _libssh2_cipher_dtor(ctx) \ + _libssh2_wincng_cipher_dtor(ctx) + +/*******************************************************************/ +/* + * Windows CNG backend: BigNumber Context + */ + +#define _libssh2_bn_ctx int /* not used */ +#define _libssh2_bn_ctx_new() 0 /* not used */ +#define _libssh2_bn_ctx_free(bnctx) ((void)0) /* not used */ + + +/*******************************************************************/ +/* + * Windows CNG backend: BigNumber structure + */ + +struct _libssh2_wincng_bignum { + unsigned char *bignum; + unsigned long length; +}; + +#define _libssh2_bn struct _libssh2_wincng_bignum + +/* + * Windows CNG backend: BigNumber functions + */ + +_libssh2_bn *_libssh2_wincng_bignum_init(void); + +#define _libssh2_bn_init() \ + _libssh2_wincng_bignum_init() +#define _libssh2_bn_rand(bn, bits, top, bottom) \ + _libssh2_wincng_bignum_rand(bn, bits, top, bottom) +#define _libssh2_bn_mod_exp(r, a, p, m, ctx) \ + _libssh2_wincng_bignum_mod_exp(r, a, p, m, ctx) +#define _libssh2_bn_set_word(bn, word) \ + _libssh2_wincng_bignum_set_word(bn, word) +#define _libssh2_bn_from_bin(bn, len, bin) \ + _libssh2_wincng_bignum_from_bin(bn, len, bin) +#define _libssh2_bn_to_bin(bn, bin) \ + _libssh2_wincng_bignum_to_bin(bn, bin) +#define _libssh2_bn_bytes(bn) bn->length +#define _libssh2_bn_bits(bn) \ + _libssh2_wincng_bignum_bits(bn) +#define _libssh2_bn_free(bn) \ + _libssh2_wincng_bignum_free(bn) -- 1.8.1.msysgit.1 --------------060305020901020006070502 Content-Type: text/plain; charset=windows-1252; name="0001-win32-Make-it-possible-to-compile-using-OpenSSL-for-.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-win32-Make-it-possible-to-compile-using-OpenSSL-for-.pa"; filename*1="tch" From 9136ee4480955170d01288df9e1209b5251c5918 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Mon, 18 Nov 2013 17:55:09 +0100 Subject: [PATCH] win32: Make it possible to compile using OpenSSL for now Commit d512b25f69a1b6778881f6b4b5ff9cfc6023be42 changed the way crypto libraries are detected and makes it necessary to define LIBSSH2_OPENSSL in order to compile against OpenSSL. Since the win32 makefiles NMakefile and GNUmakefile only support OpenSSL the define can be hardcoded for now. --- win32/GNUmakefile | 2 +- win32/config.mk | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/win32/GNUmakefile b/win32/GNUmakefile index c0cc20a..fd99e12 100644 --- a/win32/GNUmakefile +++ b/win32/GNUmakefile @@ -99,7 +99,7 @@ endif -include $(OBJDIR)/version.inc # Global flags for all compilers -CFLAGS = $(OPT) -D$(DB) -DLIBSSH2_WIN32 # -DHAVE_CONFIG_H +CFLAGS = $(OPT) -D$(DB) -DLIBSSH2_WIN32 -DLIBSSH2_OPENSSL # -DHAVE_CONFIG_H ifeq ($(ARCH),w64) CFLAGS += -D_AMD64_ endif diff --git a/win32/config.mk b/win32/config.mk index 4c8eb2a..7495684 100644 --- a/win32/config.mk +++ b/win32/config.mk @@ -1,4 +1,4 @@ - +# This file is used by NMakefile-based builds # Tweak these for your system !if "$(OPENSSLINC)" == "" OPENSSLINC=..\openssl-0.9.8x\inc32 @@ -29,7 +29,7 @@ CPPFLAGS=/Oi /O2 /Oy /GF /Y- /MD /DNDEBUG DLLFLAGS=/DEBUG /LD !endif -CPPFLAGS=/nologo /GL /Zi /EHsc $(CPPFLAGS) /Iwin32 /Iinclude /I$(OPENSSLINC) $(ZLIBINC) +CPPFLAGS=/nologo /GL /Zi /EHsc $(CPPFLAGS) /Iwin32 /Iinclude -DLIBSSH2_OPENSSL /I$(OPENSSLINC) $(ZLIBINC) CFLAGS=$(CPPFLAGS) RCFLAGS=/Iinclude DLLFLAGS=$(CFLAGS) $(DLLFLAGS) -- 1.8.1.msysgit.1 --------------060305020901020006070502 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --------------060305020901020006070502-- From libssh2-devel-bounces@cool.haxx.se Thu Mar 13 13:37:18 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DCavSb030218; Thu, 13 Mar 2014 13:37:15 +0100 Received: from bay0-omc4-s4.bay0.hotmail.com (bay0-omc4-s4.bay0.hotmail.com [65.54.190.206]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DCasFO030110 for ; Thu, 13 Mar 2014 13:36:55 +0100 Received: from BAY407-EAS295 ([65.54.190.201]) by bay0-omc4-s4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 13 Mar 2014 05:36:50 -0700 X-TMN: [rmLB9ttqTHZV19m5gJ8hSQHQ48Qw697D] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: "'libssh2 development'" References: In-Reply-To: Subject: RE: SFTP read problems Date: Thu, 13 Mar 2014 08:36:48 -0400 MIME-Version: 1.0 X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQABAgMEXC+3KMz7h9TL5m2nWwj6OgD9U0lcAKgDdH6ebkHAQA== Content-Language: en-us X-OriginalArrivalTime: 13 Mar 2014 12:36:50.0300 (UTC) FILETIME=[E7ECE3C0:01CF3EB8] X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" > > My code requests a block of 4096. It multiplies that by 4 (16,384), > > then it starts doing packets requesting 2000 characters. After it's > > done 8 of these, the 'count' goes down to 384, which is what > > chunk->len is set to above. rc32 is set to 2000 so it fails. > I assume you're trying with the latest libssh2 version? Yes. > > I've found if I have the requested buffer at exactly a multiple of > > 2000, it seems to work, although I'm somewhat nervous about it working for all cases. > > > > Is this expected? It is not documented. > > It is not expected. The check above is there to detect the error situation when a > server returns a bigger chunk than what we asked for. > > libssh2 splits up data sizes into smaller chunks and ask for them one by one, so > chunk->len is supposed to be the size of the chunk it asked for. I spent some time debugging it and at this point it does look like a server-side issue. I also tested the x86 version, thinking that there was a chance that the x64 compile may have introduced a bug but it behaves the same. By specifying a multiple of 2000 byte buffer it never asks (so far, at least) for a partial buffer and gets around the problem. Thanks, Bob _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Thu Mar 13 15:18:26 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DEIAtr011566; Thu, 13 Mar 2014 15:18:24 +0100 Received: from bay0-omc4-s20.bay0.hotmail.com (bay0-omc4-s20.bay0.hotmail.com [65.54.190.222]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DEI9iF010993 for ; Thu, 13 Mar 2014 15:18:09 +0100 Received: from BAY407-EAS25 ([65.54.190.200]) by bay0-omc4-s20.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 13 Mar 2014 07:18:03 -0700 X-TMN: [TpVU/tD2bPsTu5oTd4QJQcND6ygq/WzW] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: "'libssh2 development'" References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de> In-Reply-To: Subject: RE: [PATCH] Added Windows Cryptography API: Next Generation backend Date: Thu, 13 Mar 2014 10:18:03 -0400 MIME-Version: 1.0 X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQABAgME26NNhHPVYzJ7c9Yw7yC3/wByfiepnnfr7jA= Content-Language: en-us X-OriginalArrivalTime: 13 Mar 2014 14:18:03.0921 (UTC) FILETIME=[0C15E810:01CF3EC7] X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" For the WinCNG backend: This would be great in that I'd have one less open source library (openssl) to maintain. I did look into this a bit but came up with too many questions: Going through openssl.h to see what needed to be done, the hashes were pretty simple except that LIBSSH2_HMAC_RIPEMD is not supported by WinCNG. Supporting encryption/signing was less clear to me. The following are also not supported by WinCNG: LIBSSH2_AES_CTR LIBSSH2_BLOWFISH LIBSSH2_CAST Modes WinCNG supports for AES: - ECB - CBC - CFB - CCM - GCM Not sure what _libssh2_bn would map to. My purpose for using libssh2 is to implement SFTP. What does WinCNG need to provide in order for SFTP to be fully implemented? -----Original Message----- From: libssh2-devel [mailto:libssh2-devel-bounces@cool.haxx.se] On Behalf Of Daniel Stenberg Sent: Wednesday, March 12, 2014 3:44 PM To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend On Sat, 8 Mar 2014, Marc Hoersken wrote: > what do you think about making some progress regarding the > implementation and merge of the Windows Cryptography API: Next Generation backend. Can you summerize for us what the outstanding issues/patches are? -- / daniel.haxx.se _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Thu Mar 13 20:40:17 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DJdr5A022042; Thu, 13 Mar 2014 20:40:13 +0100 Received: from foo.stuge.se (qmailr@foo.stuge.se [212.116.89.98]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DJdqMZ022032 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 13 Mar 2014 20:39:52 +0100 Received: (qmail 6740 invoked by uid 501); 13 Mar 2014 19:39:52 -0000 Message-ID: <20140313193952.6739.qmail@stuge.se> Date: Thu, 13 Mar 2014 20:39:52 +0100 From: Peter Stuge To: libssh2-devel@cool.haxx.se Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend Mail-Followup-To: libssh2-devel@cool.haxx.se References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de> <5320D009.2000901@marc-hoersken.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="NU0Ex4SbNnrxsi6C" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5320D009.2000901@marc-hoersken.de> X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" --NU0Ex4SbNnrxsi6C Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Marc Hoersken wrote: > On 12.03.2014 20:44, Daniel Stenberg wrote: > > Can you summerize for us what the outstanding issues/patches are? > > I think the outstanding issues / possible areas of improvement are: > - reducing the ifdef-backend-logic within pem.c, at least that was a > suggestion by Peter in his mail from the 13th November: > > I think we need to figure something better out here. Is there a reason > > not to simply always compile those first few functions in pem.c? Yes, we should find a solution for this. Marc, did you notice if there *is* a reason not to always compile those first functions? Let's see if we can hammer this one out. > - not directly related to the WinCNG backend, but rather Peter's changes > to the backend selection logic: fixing the non-autotools based > buildsystem to compile again. Yes, I overlooked the define. :( Please have a look at the attached patch. If you think it's OK I'll push it. Then it's just the pem.c thing left. //Peter --NU0Ex4SbNnrxsi6C Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-Fix-non-autotools-builds-Always-define-the-LIBSSH2_O.patch" Content-Transfer-Encoding: 8bit From 8c77d7d640c795806afc827ed5133af430c5db0c Mon Sep 17 00:00:00 2001 From: Peter Stuge Date: Thu, 13 Mar 2014 20:30:32 +0100 Subject: [PATCH] Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d512b25f69a1b6778881f6b4b5ff9cfc6023be42 introduced a crypto library abstraction in the autotools build system, to allow us to more easily support new crypto libraries. In that process it was found that all other build system which we support are hard-coded to build with OpenSSL. Commit f5c1a0d98bd51aeb24aca3d49c7c81dcf8bd858d fixes automake introduced into non-autotools build systems but still overlooked the CPP macro saying that we are using OpenSSL. Thanks to Marc Hörsken for identifying this issue and proposing a fix for win32/{GNUmakefile,config.mk}. This commit uses a slightly different approach but the end result is the same. --- nw/GNUmakefile | 1 + win32/GNUmakefile | 1 + win32/Makefile.Watcom | 1 + win32/config.mk | 2 +- win32/msvcproj.head | 17 +++++++++-------- 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/nw/GNUmakefile b/nw/GNUmakefile index e666e29..0fde45a 100644 --- a/nw/GNUmakefile +++ b/nw/GNUmakefile @@ -214,6 +214,7 @@ endif vpath %.c . ../src # only OpenSSL is supported with this build system +CFLAGS += -DLIBSSH2_OPENSSL include ../Makefile.OpenSSL.inc # include Makefile.inc to get CSOURCES define diff --git a/win32/GNUmakefile b/win32/GNUmakefile index c0cc20a..90e06d4 100644 --- a/win32/GNUmakefile +++ b/win32/GNUmakefile @@ -180,6 +180,7 @@ CFLAGS += $(INCLUDES) vpath %.c . ../src # only OpenSSL is supported with this build system +CFLAGS += -DLIBSSH2_OPENSSL include ../Makefile.OpenSSL.inc # include Makefile.inc to get CSOURCES define diff --git a/win32/Makefile.Watcom b/win32/Makefile.Watcom index 5847cf7..f0f0408 100644 --- a/win32/Makefile.Watcom +++ b/win32/Makefile.Watcom @@ -94,6 +94,7 @@ LIB_ARG = $(OBJ_BASE)\stat\wlib.arg !error You MUST call wmake with the -u switch! !else # only OpenSSL is supported with this build system +CFLAGS += -dLIBSSH2_OPENSSL !include ..\Makefile.OpenSSL.inc !include ..\Makefile.inc !endif diff --git a/win32/config.mk b/win32/config.mk index 4c8eb2a..f0e514a 100644 --- a/win32/config.mk +++ b/win32/config.mk @@ -29,7 +29,7 @@ CPPFLAGS=/Oi /O2 /Oy /GF /Y- /MD /DNDEBUG DLLFLAGS=/DEBUG /LD !endif -CPPFLAGS=/nologo /GL /Zi /EHsc $(CPPFLAGS) /Iwin32 /Iinclude /I$(OPENSSLINC) $(ZLIBINC) +CPPFLAGS=/nologo /GL /Zi /EHsc $(CPPFLAGS) /Iwin32 /Iinclude /DLIBSSH2_OPENSSL /I$(OPENSSLINC) $(ZLIBINC) CFLAGS=$(CPPFLAGS) RCFLAGS=/Iinclude DLLFLAGS=$(CFLAGS) $(DLLFLAGS) diff --git a/win32/msvcproj.head b/win32/msvcproj.head index ded6343..6b39740 100644 --- a/win32/msvcproj.head +++ b/win32/msvcproj.head @@ -1,6 +1,7 @@ # Microsoft Developer Studio Project File - Name="libssh2" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** +# only OpenSSL is supported with this build system # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 # TARGTYPE "Win32 (x86) Static Library" 0x0104 @@ -45,8 +46,8 @@ RSC=rc.exe # PROP Intermediate_Dir "Release_dll" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c -# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\win32" /I "..\include" /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /YX /FD /c +# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\win32" /I "..\include" /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /YX /FD /c # SUBTRACT CPP /YX # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 @@ -72,8 +73,8 @@ LINK32=link.exe # PROP Intermediate_Dir "Debug_dll" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c -# ADD CPP /nologo /MD /W3 /Gm /GX /ZI /Od /I "..\win32" /I "..\include" /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /D "LIBSSH2DEBUG" /YX /FD /GZ /c +# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c +# ADD CPP /nologo /MD /W3 /Gm /GX /ZI /Od /I "..\win32" /I "..\include" /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /D "LIBSSH2DEBUG" /YX /FD /GZ /c # SUBTRACT CPP /WX /YX # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 @@ -99,8 +100,8 @@ LINK32=link.exe # PROP Output_Dir "Release_lib" # PROP Intermediate_Dir "Release_lib" # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c -# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\win32" /I "..\include" /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /YX /FD /c +# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\win32" /I "..\include" /D "WIN32" /D "NDEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /YX /FD /c # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe @@ -123,8 +124,8 @@ LIB32=link.exe -lib # PROP Output_Dir "Debug_lib" # PROP Intermediate_Dir "Debug_lib" # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c -# ADD CPP /nologo /MD /W3 /Gm /GX /ZI /Od /I "..\win32" /I "..\include" /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "_MBCS" /D "_LIB" /D "LIBSSH2DEBUG" /YX /FD /GZ /c +# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c +# ADD CPP /nologo /MD /W3 /Gm /GX /ZI /Od /I "..\win32" /I "..\include" /D "WIN32" /D "_DEBUG" /D "LIBSSH2_WIN32" /D "LIBSSH2_OPENSSL" /D "_MBCS" /D "_LIB" /D "LIBSSH2DEBUG" /YX /FD /GZ /c # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe -- 1.8.1.rc0.2.gfb4c622.dirty --NU0Ex4SbNnrxsi6C Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --NU0Ex4SbNnrxsi6C-- From libssh2-devel-bounces@cool.haxx.se Thu Mar 13 21:40:45 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DKeRqr006023; Thu, 13 Mar 2014 21:40:43 +0100 Received: from mx.uxnr.de (mx.uxnr.de [IPv6:2a00:1828:2000:378:2525:0:59ee:542f]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2DKeQHZ005983 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 13 Mar 2014 21:40:26 +0100 Received: from [10.10.0.3] (mh02.marc.uxnr.eu [10.10.0.3]) by mx.uxnr.de (Postfix) with ESMTPSA id 2454F377BDD for ; Thu, 13 Mar 2014 21:40:21 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de 2454F377BDD DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394743222; bh=dJ4jM+bkQ/Gf/Ev4YnreOWVhlq9suo8OI+HQWEEkziE=; h=Date:From:To:Subject:References:In-Reply-To:From; b=gesyxo/FNM1isX8p/6lDS0cuKcgA77MhdoQpPyErJMCm/ZlayQnEemOZt+GG0CAeY ajIurjyXeU1/GqPKTmbVcUfxamL1dA45cbzGtNUkS/0R1v4aJfSCHI7dO++82KxfVQ lg0rm3X9PsR+nclQDhAdQl7xiYvkqg1uS/rnaKsE= Message-ID: <532217AD.4060203@marc-hoersken.de> Date: Thu, 13 Mar 2014 21:40:13 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de>

In-Reply-To: X-Enigmail-Version: 1.6 X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" On 13.03.2014 15:18, Bob Kast wrote: > Going through openssl.h to see what needed to be done, the hashes were > pretty simple except that LIBSSH2_HMAC_RIPEMD is not supported by WinCNG. Yes, that is true. There is currently no direct way to implement RIPEMD using the CryptoAPI or WinCNG. > Supporting encryption/signing was less clear to me. RSA and DSA as well as AES, RC4 and 3DES are supported by WinCNG. > The following are also not supported by WinCNG: > LIBSSH2_AES_CTR > LIBSSH2_BLOWFISH > LIBSSH2_CAST Yes, that is correct as well. > Modes WinCNG supports for AES: > - ECB > - CBC > - CFB > - CCM > - GCM AES-CTR could probably be implemented on top of EBC, just like it's done if OpenSSL was built without it. > Not sure what _libssh2_bn would map to. I found a way to use RSA encryption in order to implement the required math functions (e.g. modular exponentiation) by using it with big numbers stored as byte arrays. This is also the reason why I had to use WinCNG instead of CryptoAPI, since the later one is limited to a 4-byte exponent. Please see my original mail for a longer explanation: http://libssh2.org/mail/libssh2-devel-archive-2013-05/0011.shtml > My purpose for using libssh2 is to implement SFTP. What does WinCNG need to > provide in order for SFTP to be fully implemented? I tested my implementation against an OpenSSH and Bitvise SSH Server using the implemented algorithms and everything worked fine. It seems like all required functionality is implemented. _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Fri Mar 14 19:26:37 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2EIQC0h011977; Fri, 14 Mar 2014 19:26:33 +0100 Received: from bay0-omc4-s18.bay0.hotmail.com (bay0-omc4-s18.bay0.hotmail.com [65.54.190.220]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2EIQ8Uv011927 for ; Fri, 14 Mar 2014 19:26:09 +0100 Received: from BAY407-EAS92 ([65.54.190.199]) by bay0-omc4-s18.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 14 Mar 2014 11:26:03 -0700 X-TMN: [kgDycq2nGOmDBEf8/4vSxCbi9LZKR3ej] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: "'libssh2 development'" References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de>

<532217AD.4060203@marc-hoersken.de> In-Reply-To: <532217AD.4060203@marc-hoersken.de> Subject: RE: [PATCH] Added Windows Cryptography API: Next Generation backend Date: Fri, 14 Mar 2014 14:26:01 -0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0066_01CF3F91.53802AB0" X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQABAgME26NNhHPVYzJ7c9Yw7yC3/wByfiepALehmp4AvfuhMJ5uFM2w Content-Language: en-us X-OriginalArrivalTime: 14 Mar 2014 18:26:03.0449 (UTC) FILETIME=[DB637290:01CF3FB2] X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" ------=_NextPart_000_0066_01CF3F91.53802AB0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Okay, I'm new to this and I didn't realize you had already done all the work! I checked out the latest and applied your patches and got Visual Studio 2013 to work with it (notice .sln/.vcxproj files). I have 2 platforms (x64 and x86), and 4 configurations (LIB Debug, LIB Release, DLL Debug, DLL Release). I fixed the warnings for x86 compiles. There are lots more on x64 (the main reason: on WIN64 size_t is a 64 bit type) and didn't deal with them yet. In any case, I got them all to compile and link and I thought I was home free but when I tested it for doing a SFTP Get file, the password authorization fails. I stepped through it and it seems to format a request packet correctly and waits for a response, and the response contains SSH_MSG_USERAUTH_FAILURE as the first byte. Not sure where to go from here. I did check out the latest version. Should I check out some more stable version? I attached my patches. A couple of notes: _LIBSSH2_SESSION::scpRecv_mode (long) is assigned to struct stat::st_mode (unsigned short) Are they supposed to be the same type? In _libssh2_wincng_bignum_set_word() the local variable "bits" was never initialized. I assume it is supposed to be initialized to 0. Thanks, Bob -----Original Message----- From: libssh2-devel [mailto:libssh2-devel-bounces@cool.haxx.se] On Behalf Of Marc Hoersken Sent: Thursday, March 13, 2014 4:40 PM To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend On 13.03.2014 15:18, Bob Kast wrote: > Going through openssl.h to see what needed to be done, the hashes were > pretty simple except that LIBSSH2_HMAC_RIPEMD is not supported by WinCNG. Yes, that is true. There is currently no direct way to implement RIPEMD using the CryptoAPI or WinCNG. > Supporting encryption/signing was less clear to me. RSA and DSA as well as AES, RC4 and 3DES are supported by WinCNG. > The following are also not supported by WinCNG: > LIBSSH2_AES_CTR > LIBSSH2_BLOWFISH > LIBSSH2_CAST Yes, that is correct as well. > Modes WinCNG supports for AES: > - ECB > - CBC > - CFB > - CCM > - GCM AES-CTR could probably be implemented on top of EBC, just like it's done if OpenSSL was built without it. > Not sure what _libssh2_bn would map to. I found a way to use RSA encryption in order to implement the required math functions (e.g. modular exponentiation) by using it with big numbers stored as byte arrays. This is also the reason why I had to use WinCNG instead of CryptoAPI, since the later one is limited to a 4-byte exponent. Please see my original mail for a longer explanation: http://libssh2.org/mail/libssh2-devel-archive-2013-05/0011.shtml > My purpose for using libssh2 is to implement SFTP. What does WinCNG > need to provide in order for SFTP to be fully implemented? I tested my implementation against an OpenSSH and Bitvise SSH Server using the implemented algorithms and everything worked fine. It seems like all required functionality is implemented. _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel ------=_NextPart_000_0066_01CF3F91.53802AB0 Content-Type: application/octet-stream; name="VS2013_WinCNG.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="VS2013_WinCNG.patch" .gitignore | 4 +=0A= Makefile.WinCNG.inc | 2 +=0A= configure.ac | 34 +-=0A= include/libssh2.h | 2 +-=0A= src/Makefile.am | 3 +=0A= src/crypto.h | 4 +=0A= src/keepalive.c | 4 +-=0A= src/openssl.c | 4 +=0A= src/pem.c | 8 +-=0A= src/scp.c | 2 +-=0A= src/sftp.c | 10 +-=0A= src/wincng.c | 1785 = +++++++++++++++++++++++++++++++++++++++++=0A= src/wincng.h | 367 +++++++++=0A= win32/.gitignore | 1 +=0A= win32/libssh2.sln | 53 ++=0A= win32/libssh2.vcxproj | 502 ++++++++++++=0A= win32/libssh2.vcxproj.filters | 131 +++=0A= win32/tests.vcxproj | 144 ++++=0A= win32/tests.vcxproj.filters | 22 +=0A= 19 files changed, 3070 insertions(+), 12 deletions(-)=0A= =0A= diff --git a/.gitignore b/.gitignore=0A= index 055de4d..5f6bd58 100644=0A= --- a/.gitignore=0A= +++ b/.gitignore=0A= @@ -34,3 +34,7 @@ tags=0A= libssh2.pc=0A= TAGS=0A= *~=0A= +/win32/*.opensdf=0A= +/win32/*.sdf=0A= +/win32/*.suo=0A= +/win32/*.user=0A= diff --git a/Makefile.WinCNG.inc b/Makefile.WinCNG.inc=0A= new file mode 100644=0A= index 0000000..c18350e=0A= --- /dev/null=0A= +++ b/Makefile.WinCNG.inc=0A= @@ -0,0 +1,2 @@=0A= +CRYPTO_CSOURCES =3D wincng.c=0A= +CRYPTO_HHEADERS =3D wincng.h=0A= diff --git a/configure.ac b/configure.ac=0A= index b24ace2..ba4dd7a 100644=0A= --- a/configure.ac=0A= +++ b/configure.ac=0A= @@ -89,6 +89,9 @@ AC_ARG_WITH(openssl,=0A= AC_ARG_WITH(libgcrypt,=0A= AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]),=0A= use_libgcrypt=3D$withval,use_libgcrypt=3Dauto)=0A= +AC_ARG_WITH(wincng,=0A= + AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]),=0A= + use_wincng=3D$withval,use_wincng=3Dauto)=0A= AC_ARG_WITH(libz,=0A= AC_HELP_STRING([--with-libz],[Use zlib for compression]),=0A= use_libz=3D$withval,use_libz=3Dauto)=0A= @@ -125,10 +128,37 @@ if test "$ac_cv_libgcrypt" =3D "yes"; then=0A= fi=0A= AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" =3D "yes")=0A= =0A= +# Look for Windows Cryptography API: Next Generation=0A= +if test "$found_crypto" =3D "none" && test "$use_wincng" !=3D "no"; then=0A= + AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [=0A= + #include =0A= + #include =0A= + ])=0A= + AC_LIB_HAVE_LINKFLAGS([crypt32], [], [=0A= + #include =0A= + #include =0A= + ])=0A= + AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [=0A= + #include =0A= + ])=0A= +fi=0A= +if test "$ac_cv_libbcrypt" =3D "yes"; then=0A= + AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])=0A= + LIBSREQUIRED=3D # wincng doesn't provide a .pc file. sad face.=0A= + LIBS=3D"$LIBS -lbcrypt"=0A= + if test "$ac_cv_libcrypt32" =3D "yes"; then=0A= + LIBS=3D"$LIBS -lcrypt32"=0A= + fi=0A= + found_crypto=3D"Windows Cryptography API: Next Generation"=0A= +fi=0A= +AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" =3D "yes")=0A= +=0A= +# Check if crypto library was found=0A= if test "$found_crypto" =3D "none"; then=0A= AC_MSG_ERROR([No crypto library found!=0A= -Try --with-libssl-prefix=3DPATH\=0A= - or --with-libgcrypt-prefix=3DPATH\=0A= +Try --with-libssl-prefix=3DPATH=0A= + or --with-libgcrypt-prefix=3DPATH=0A= + or --with-wincng on Windows\=0A= ])=0A= fi=0A= =0A= diff --git a/include/libssh2.h b/include/libssh2.h=0A= index 3cb2be5..8047b49 100644=0A= --- a/include/libssh2.h=0A= +++ b/include/libssh2.h=0A= @@ -281,7 +281,7 @@ typedef struct _LIBSSH2_POLLFD {=0A= unsigned char type; /* LIBSSH2_POLLFD_* below */=0A= =0A= union {=0A= - int socket; /* File descriptors -- examined with system = select() call */=0A= + libssh2_socket_t socket; /* File descriptors -- examined with system = select() call */=0A= LIBSSH2_CHANNEL *channel; /* Examined by checking internal = state */=0A= LIBSSH2_LISTENER *listener; /* Read polls only -- are inbound=0A= connections waiting to be = accepted? */=0A= diff --git a/src/Makefile.am b/src/Makefile.am=0A= index da7beb5..5979a27 100644=0A= --- a/src/Makefile.am=0A= +++ b/src/Makefile.am=0A= @@ -8,6 +8,9 @@ endif=0A= if LIBGCRYPT=0A= include ../Makefile.libgcrypt.inc=0A= endif=0A= +if WINCNG=0A= +include ../Makefile.WinCNG.inc=0A= +endif=0A= =0A= # Makefile.inc provides the CSOURCES and HHEADERS defines=0A= include ../Makefile.inc=0A= diff --git a/src/crypto.h b/src/crypto.h=0A= index 9a052e3..a615bb1 100644=0A= --- a/src/crypto.h=0A= +++ b/src/crypto.h=0A= @@ -46,6 +46,10 @@=0A= #include "libgcrypt.h"=0A= #endif=0A= =0A= +#ifdef LIBSSH2_WINCNG=0A= +#include "wincng.h"=0A= +#endif=0A= +=0A= int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,=0A= const unsigned char *edata,=0A= unsigned long elen,=0A= diff --git a/src/keepalive.c b/src/keepalive.c=0A= index 260206a..4491dc8 100644=0A= --- a/src/keepalive.c=0A= +++ b/src/keepalive.c=0A= @@ -90,8 +90,8 @@ libssh2_keepalive_send (LIBSSH2_SESSION *session,=0A= if (seconds_to_next)=0A= *seconds_to_next =3D session->keepalive_interval;=0A= } else if (seconds_to_next) {=0A= - *seconds_to_next =3D (int) session->keepalive_last_sent=0A= - + session->keepalive_interval - now;=0A= + *seconds_to_next =3D (int) (session->keepalive_last_sent=0A= + + session->keepalive_interval - now);=0A= }=0A= =0A= return 0;=0A= diff --git a/src/openssl.c b/src/openssl.c=0A= index b26842b..371bc9e 100644=0A= --- a/src/openssl.c=0A= +++ b/src/openssl.c=0A= @@ -38,6 +38,8 @@=0A= * OF SUCH DAMAGE.=0A= */=0A= =0A= +#ifdef LIBSSH2_OPENSSL /* compile only if we build with openssl */=0A= +=0A= #include "libssh2_priv.h"=0A= =0A= #include =0A= @@ -814,3 +816,5 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,=0A= EVP_PKEY_free(pk);=0A= return st;=0A= }=0A= +=0A= +#endif /* LIBSSH2_OPENSSL */=0A= diff --git a/src/pem.c b/src/pem.c=0A= index 5749bc8..374870b 100644=0A= --- a/src/pem.c=0A= +++ b/src/pem.c=0A= @@ -38,7 +38,8 @@=0A= =0A= #include "libssh2_priv.h"=0A= =0A= -#ifdef LIBSSH2_LIBGCRYPT /* compile only if we build with libgcrypt */=0A= +/* compile only if we build with libgcrypt or wincng */=0A= +#if defined(LIBSSH2_LIBGCRYPT) || defined(LIBSSH2_WINCNG)=0A= =0A= static int=0A= readline(char *line, int line_size, FILE * fp)=0A= @@ -113,6 +114,11 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,=0A= return ret;=0A= }=0A= =0A= +#endif /* LIBSSH2_LIBGCRYPT or LIBSSH2_WINCNG */=0A= +=0A= +/* compile only if we build with libgcrypt */=0A= +#ifdef LIBSSH2_LIBGCRYPT=0A= +=0A= static int=0A= read_asn1_length(const unsigned char *data,=0A= unsigned int datalen, unsigned int *len)=0A= diff --git a/src/scp.c b/src/scp.c=0A= index 1ccd3be..89f302b 100644=0A= --- a/src/scp.c=0A= +++ b/src/scp.c=0A= @@ -727,7 +727,7 @@ scp_recv(LIBSSH2_SESSION * session, const char = *path, struct stat * sb)=0A= sb->st_mtime =3D session->scpRecv_mtime;=0A= sb->st_atime =3D session->scpRecv_atime;=0A= sb->st_size =3D session->scpRecv_size;=0A= - sb->st_mode =3D session->scpRecv_mode;=0A= + sb->st_mode =3D (unsigned short)session->scpRecv_mode;=0A= }=0A= =0A= session->scpRecv_state =3D libssh2_NB_state_idle;=0A= diff --git a/src/sftp.c b/src/sftp.c=0A= index 97105a3..3a0c25c 100644=0A= --- a/src/sftp.c=0A= +++ b/src/sftp.c=0A= @@ -1308,7 +1308,7 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * = handle, char *buffer,=0A= without having been acked - until we reach EOF. */=0A= if(!filep->eof) {=0A= /* Number of bytes asked for that haven't been acked yet */=0A= - size_t already =3D (filep->offset_sent - filep->offset);=0A= + size_t already =3D (size_t)(filep->offset_sent - = filep->offset);=0A= =0A= size_t max_read_ahead =3D buffer_size*4;=0A= unsigned long recv_window;=0A= @@ -1830,8 +1830,8 @@ static ssize_t sftp_write(LIBSSH2_SFTP_HANDLE = *handle, const char *buffer,=0A= acked but we haven't been able to return as such yet, so we = will=0A= get that data as well passed in here again.=0A= */=0A= - already =3D (handle->u.file.offset_sent - = handle->u.file.offset)+=0A= - handle->u.file.acked;=0A= + already =3D (size_t)((handle->u.file.offset_sent - = handle->u.file.offset)+=0A= + handle->u.file.acked);=0A= =0A= if(count >=3D already) {=0A= /* skip the part already made into packets */=0A= @@ -2767,7 +2767,7 @@ static int sftp_fstatvfs(LIBSSH2_SFTP_HANDLE = *handle, LIBSSH2_SFTP_STATVFS *st)=0A= st->f_ffree =3D _libssh2_ntohu64(data + 53);=0A= st->f_favail =3D _libssh2_ntohu64(data + 61);=0A= st->f_fsid =3D _libssh2_ntohu64(data + 69);=0A= - flag =3D _libssh2_ntohu64(data + 77);=0A= + flag =3D (unsigned int)_libssh2_ntohu64(data + 77);=0A= st->f_namemax =3D _libssh2_ntohu64(data + 85);=0A= =0A= st->f_flag =3D (flag & SSH_FXE_STATVFS_ST_RDONLY)=0A= @@ -2893,7 +2893,7 @@ static int sftp_statvfs(LIBSSH2_SFTP *sftp, const = char *path,=0A= st->f_ffree =3D _libssh2_ntohu64(data + 53);=0A= st->f_favail =3D _libssh2_ntohu64(data + 61);=0A= st->f_fsid =3D _libssh2_ntohu64(data + 69);=0A= - flag =3D _libssh2_ntohu64(data + 77);=0A= + flag =3D (unsigned int)_libssh2_ntohu64(data + 77);=0A= st->f_namemax =3D _libssh2_ntohu64(data + 85);=0A= =0A= st->f_flag =3D (flag & SSH_FXE_STATVFS_ST_RDONLY)=0A= diff --git a/src/wincng.c b/src/wincng.c=0A= new file mode 100644=0A= index 0000000..b68e30b=0A= --- /dev/null=0A= +++ b/src/wincng.c=0A= @@ -0,0 +1,1785 @@=0A= +/*=0A= + * Copyright (C) 2013 Marc Hoersken =0A= + * All rights reserved.=0A= + *=0A= + * Redistribution and use in source and binary forms,=0A= + * with or without modification, are permitted provided=0A= + * that the following conditions are met:=0A= + *=0A= + * Redistributions of source code must retain the above=0A= + * copyright notice, this list of conditions and the=0A= + * following disclaimer.=0A= + *=0A= + * Redistributions in binary form must reproduce the above=0A= + * copyright notice, this list of conditions and the following=0A= + * disclaimer in the documentation and/or other materials=0A= + * provided with the distribution.=0A= + *=0A= + * Neither the name of the copyright holder nor the names=0A= + * of any other contributors may be used to endorse or=0A= + * promote products derived from this software without=0A= + * specific prior written permission.=0A= + *=0A= + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND=0A= + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,=0A= + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES=0A= + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE=0A= + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR=0A= + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,=0A= + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,=0A= + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR=0A= + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS=0A= + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,=0A= + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING=0A= + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE=0A= + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY=0A= + * OF SUCH DAMAGE.=0A= + */=0A= +=0A= +#include "libssh2_priv.h"=0A= +=0A= +#ifdef LIBSSH2_WINCNG /* compile only if we build with wincng */=0A= +=0A= +#pragma comment(lib, "Bcrypt.lib")=0A= +#pragma comment(lib, "Crypt32.lib")=0A= +=0A= +#include =0A= +=0A= +#ifdef HAVE_STDLIB_H=0A= +#include =0A= +#endif=0A= +#ifdef HAVE_LIBCRYPT32=0A= +#include =0A= +#endif=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Missing definitions (for MinGW[-w64])=0A= + */=0A= +#ifndef BCRYPT_RNG_ALGORITHM=0A= +#define BCRYPT_RNG_ALGORITHM L"RNG"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_MD5_ALGORITHM=0A= +#define BCRYPT_MD5_ALGORITHM L"MD5"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_SHA1_ALGORITHM=0A= +#define BCRYPT_SHA1_ALGORITHM L"SHA1"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_RSA_ALGORITHM=0A= +#define BCRYPT_RSA_ALGORITHM L"RSA"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_DSA_ALGORITHM=0A= +#define BCRYPT_DSA_ALGORITHM L"DSA"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_AES_ALGORITHM=0A= +#define BCRYPT_AES_ALGORITHM L"AES"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_RC4_ALGORITHM=0A= +#define BCRYPT_RC4_ALGORITHM L"RC4"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_3DES_ALGORITHM=0A= +#define BCRYPT_3DES_ALGORITHM L"3DES"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_ALG_HANDLE_HMAC_FLAG=0A= +#define BCRYPT_ALG_HANDLE_HMAC_FLAG 0x00000008=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_DSA_PUBLIC_BLOB=0A= +#define BCRYPT_DSA_PUBLIC_BLOB L"DSAPUBLICBLOB"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_DSA_PUBLIC_MAGIC=0A= +#define BCRYPT_DSA_PUBLIC_MAGIC 0x42505344 /* DSPB */=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_DSA_PRIVATE_BLOB=0A= +#define BCRYPT_DSA_PRIVATE_BLOB L"DSAPRIVATEBLOB"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_DSA_PRIVATE_MAGIC=0A= +#define BCRYPT_DSA_PRIVATE_MAGIC 0x56505344 /* DSPV */=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_RSAPUBLIC_BLOB=0A= +#define BCRYPT_RSAPUBLIC_BLOB L"RSAPUBLICBLOB"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_RSAPUBLIC_MAGIC=0A= +#define BCRYPT_RSAPUBLIC_MAGIC 0x31415352 /* RSA1 */=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_RSAFULLPRIVATE_BLOB=0A= +#define BCRYPT_RSAFULLPRIVATE_BLOB L"RSAFULLPRIVATEBLOB"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_RSAFULLPRIVATE_MAGIC=0A= +#define BCRYPT_RSAFULLPRIVATE_MAGIC 0x33415352 /* RSA3 */=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_KEY_DATA_BLOB=0A= +#define BCRYPT_KEY_DATA_BLOB L"KeyDataBlob"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_MESSAGE_BLOCK_LENGTH=0A= +#define BCRYPT_MESSAGE_BLOCK_LENGTH L"MessageBlockLength"=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_NO_KEY_VALIDATION=0A= +#define BCRYPT_NO_KEY_VALIDATION 0x00000008=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_BLOCK_PADDING=0A= +#define BCRYPT_BLOCK_PADDING 0x00000001=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_PAD_NONE=0A= +#define BCRYPT_PAD_NONE 0x00000001=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_PAD_PKCS1=0A= +#define BCRYPT_PAD_PKCS1 0x00000002=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_PAD_OAEP=0A= +#define BCRYPT_PAD_OAEP 0x00000004=0A= +#endif=0A= +=0A= +#ifndef BCRYPT_PAD_PSS=0A= +#define BCRYPT_PAD_PSS 0x00000008=0A= +#endif=0A= +=0A= +#ifndef CRYPT_STRING_ANY=0A= +#define CRYPT_STRING_ANY 0x00000007=0A= +#endif=0A= +=0A= +#ifndef LEGACY_RSAPRIVATE_BLOB=0A= +#define LEGACY_RSAPRIVATE_BLOB L"CAPIPRIVATEBLOB"=0A= +#endif=0A= +=0A= +#ifndef PKCS_RSA_PRIVATE_KEY=0A= +#define PKCS_RSA_PRIVATE_KEY (LPCSTR)43=0A= +#endif=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Generic functions=0A= + */=0A= +=0A= +void=0A= +_libssh2_wincng_init(void)=0A= +{=0A= + int ret;=0A= +=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRNG,=0A= + BCRYPT_RNG_ALGORITHM, NULL, 0);=0A= +=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashMD5,=0A= + BCRYPT_MD5_ALGORITHM, NULL, 0);=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA1,=0A= + BCRYPT_SHA1_ALGORITHM, NULL, 0);=0A= +=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacMD5,=0A= + BCRYPT_MD5_ALGORITHM, NULL,=0A= + BCRYPT_ALG_HANDLE_HMAC_FLAG);=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA1,=0A= + BCRYPT_SHA1_ALGORITHM, NULL,=0A= + BCRYPT_ALG_HANDLE_HMAC_FLAG);=0A= +=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRSA,=0A= + BCRYPT_RSA_ALGORITHM, NULL, 0);=0A= + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgDSA,=0A= + BCRYPT_DSA_ALGORITHM, NULL, 0);=0A= +=0A= + ret =3D BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgAES_CBC,=0A= + BCRYPT_AES_ALGORITHM, NULL, 0);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + ret =3D BCryptSetProperty(_libssh2_wincng.hAlgAES_CBC, = BCRYPT_CHAINING_MODE,=0A= + (PBYTE)BCRYPT_CHAIN_MODE_CBC,=0A= + sizeof(BCRYPT_CHAIN_MODE_CBC), 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, = 0);=0A= + }=0A= + }=0A= +=0A= + ret =3D BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRC4_NA,=0A= + BCRYPT_RC4_ALGORITHM, NULL, 0);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + ret =3D BCryptSetProperty(_libssh2_wincng.hAlgRC4_NA, = BCRYPT_CHAINING_MODE,=0A= + (PBYTE)BCRYPT_CHAIN_MODE_NA,=0A= + sizeof(BCRYPT_CHAIN_MODE_NA), 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRC4_NA, 0);=0A= + }=0A= + }=0A= +=0A= + ret =3D BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlg3DES_CBC,=0A= + BCRYPT_3DES_ALGORITHM, NULL, 0);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + ret =3D BCryptSetProperty(_libssh2_wincng.hAlg3DES_CBC, = BCRYPT_CHAINING_MODE,=0A= + (PBYTE)BCRYPT_CHAIN_MODE_CBC,=0A= + sizeof(BCRYPT_CHAIN_MODE_CBC), 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, = 0);=0A= + }=0A= + }=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_free(void)=0A= +{=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRNG, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashMD5, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA1, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacMD5, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA1, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRSA, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgDSA, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRC4_NA, 0);=0A= + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, 0);=0A= +=0A= + memset(&_libssh2_wincng, 0, sizeof(_libssh2_wincng));=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_random(void *buf, int len)=0A= +{=0A= + return BCryptGenRandom(_libssh2_wincng.hAlgRNG, buf, len, 0)=0A= + =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Hash functions=0A= + */=0A= +=0A= +int=0A= +_libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx,=0A= + BCRYPT_ALG_HANDLE hAlg, unsigned long hashlen,=0A= + unsigned char *key, unsigned long keylen)=0A= +{=0A= + BCRYPT_HASH_HANDLE hHash;=0A= + unsigned char *pbHashObject;=0A= + unsigned long dwHashObject, dwHash, cbData;=0A= + int ret;=0A= +=0A= + ret =3D BCryptGetProperty(hAlg, BCRYPT_HASH_LENGTH,=0A= + (unsigned char *)&dwHash,=0A= + sizeof(dwHash),=0A= + &cbData, 0);=0A= + if (ret !=3D STATUS_SUCCESS || dwHash !=3D hashlen) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D BCryptGetProperty(hAlg, BCRYPT_OBJECT_LENGTH,=0A= + (unsigned char *)&dwHashObject,=0A= + sizeof(dwHashObject),=0A= + &cbData, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + return -1;=0A= + }=0A= +=0A= + pbHashObject =3D malloc(dwHashObject);=0A= + if (!pbHashObject) {=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + ret =3D BCryptCreateHash(hAlg, &hHash,=0A= + pbHashObject, dwHashObject,=0A= + key, keylen, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + free(pbHashObject);=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + ctx->hHash =3D hHash;=0A= + ctx->pbHashObject =3D pbHashObject;=0A= + ctx->dwHashObject =3D dwHashObject;=0A= + ctx->cbHash =3D dwHash;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_hash_update(_libssh2_wincng_hash_ctx *ctx,=0A= + const unsigned char *data, unsigned long = datalen)=0A= +{=0A= + return BCryptHashData(ctx->hHash, (unsigned char *)data, datalen, 0)=0A= + =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx,=0A= + unsigned char *hash)=0A= +{=0A= + int ret;=0A= +=0A= + ret =3D BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0);=0A= +=0A= + BCryptDestroyHash(ctx->hHash);=0A= +=0A= + if (ctx->pbHashObject)=0A= + free(ctx->pbHashObject);=0A= +=0A= + memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx));=0A= +=0A= + return ret;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_hash(unsigned char *data, unsigned long datalen,=0A= + BCRYPT_ALG_HANDLE hAlg,=0A= + unsigned char *hash, unsigned long hashlen)=0A= +{=0A= + _libssh2_wincng_hash_ctx ctx;=0A= +=0A= + if (!_libssh2_wincng_hash_init(&ctx, hAlg, hashlen, NULL, 0)) {=0A= + if (!_libssh2_wincng_hash_update(&ctx, data, datalen)) {=0A= + if (!_libssh2_wincng_hash_final(&ctx, hash)) {=0A= + return 0;=0A= + }=0A= + }=0A= + }=0A= +=0A= + return -1;=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: HMAC functions=0A= + */=0A= +=0A= +int=0A= +_libssh2_wincng_hmac_final(_libssh2_wincng_hash_ctx *ctx,=0A= + unsigned char *hash)=0A= +{=0A= + return BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0)=0A= + =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx)=0A= +{=0A= + BCryptDestroyHash(ctx->hHash);=0A= +=0A= + if (ctx->pbHashObject)=0A= + free(ctx->pbHashObject);=0A= +=0A= + memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx));=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Key functions=0A= + */=0A= +=0A= +int=0A= +_libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx,=0A= + const unsigned char *sig,=0A= + unsigned long sig_len,=0A= + const unsigned char *m,=0A= + unsigned long m_len,=0A= + unsigned long flags)=0A= +{=0A= + BCRYPT_PKCS1_PADDING_INFO paddingInfoPKCS1;=0A= + void *pPaddingInfo;=0A= + unsigned char *data, *hash;=0A= + unsigned long datalen, hashlen;=0A= + int ret;=0A= +=0A= + datalen =3D m_len;=0A= + data =3D malloc(datalen);=0A= + if (!data) {=0A= + return -1;=0A= + }=0A= +=0A= + hashlen =3D SHA_DIGEST_LENGTH;=0A= + hash =3D malloc(hashlen);=0A= + if (!hash) {=0A= + free(data);=0A= + return -1;=0A= + }=0A= +=0A= + memcpy(data, m, datalen);=0A= +=0A= + ret =3D _libssh2_wincng_hash(data, datalen,=0A= + _libssh2_wincng.hAlgHashSHA1,=0A= + hash, hashlen);=0A= +=0A= + free(data);=0A= +=0A= + if (ret) {=0A= + free(hash);=0A= + return -1;=0A= + }=0A= +=0A= + datalen =3D sig_len;=0A= + data =3D malloc(datalen);=0A= + if (!data) {=0A= + free(hash);=0A= + return -1;=0A= + }=0A= +=0A= + if (flags & BCRYPT_PAD_PKCS1) {=0A= + paddingInfoPKCS1.pszAlgId =3D BCRYPT_SHA1_ALGORITHM;=0A= + pPaddingInfo =3D &paddingInfoPKCS1;=0A= + }=0A= +=0A= + memcpy(data, sig, datalen);=0A= +=0A= + ret =3D BCryptVerifySignature(ctx->hKey, pPaddingInfo,=0A= + hash, hashlen, data, datalen, flags);=0A= +=0A= + free(hash);=0A= + free(data);=0A= +=0A= + return ret =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +#ifdef HAVE_LIBCRYPT32=0A= +static int=0A= +_libssh2_wincng_load_pem(LIBSSH2_SESSION *session,=0A= + const char *filename,=0A= + const char *passphrase,=0A= + const char *headerbegin,=0A= + const char *headerend,=0A= + unsigned char **data,=0A= + unsigned int *datalen)=0A= +{=0A= + FILE *fp;=0A= + int ret;=0A= +=0A= + (void)passphrase;=0A= +=0A= + fp =3D fopen(filename, "r");=0A= + if (!fp) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D _libssh2_pem_parse(session, headerbegin, headerend,=0A= + fp, data, datalen);=0A= +=0A= + fclose(fp);=0A= +=0A= + return ret;=0A= +}=0A= +=0A= +static int=0A= +_libssh2_wincng_load_private(LIBSSH2_SESSION *session,=0A= + const char *filename,=0A= + const char *passphrase,=0A= + unsigned char **ppbEncoded,=0A= + unsigned long *pcbEncoded)=0A= +{=0A= + unsigned char *data;=0A= + int ret, datalen;=0A= +=0A= + ret =3D _libssh2_wincng_load_pem(session, filename, passphrase,=0A= + "-----BEGIN RSA PRIVATE KEY-----",=0A= + "-----END RSA PRIVATE KEY-----",=0A= + &data, &datalen);=0A= +=0A= + if (ret) {=0A= + ret =3D _libssh2_wincng_load_pem(session, filename, passphrase,=0A= + "-----BEGIN DSA PRIVATE = KEY-----",=0A= + "-----END DSA PRIVATE KEY-----",=0A= + &data, &datalen);=0A= + }=0A= +=0A= + if (!ret) {=0A= + *ppbEncoded =3D data;=0A= + *pcbEncoded =3D datalen;=0A= + }=0A= +=0A= + return ret;=0A= +}=0A= +=0A= +static int=0A= +_libssh2_wincng_asn_decode(unsigned char *pbEncoded,=0A= + unsigned long cbEncoded,=0A= + LPCSTR lpszStructType,=0A= + unsigned char **ppbDecoded,=0A= + unsigned long *pcbDecoded)=0A= +{=0A= + unsigned char *pbDecoded;=0A= + unsigned long cbDecoded;=0A= + int ret;=0A= +=0A= + ret =3D CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,=0A= + lpszStructType,=0A= + pbEncoded, cbEncoded, 0, NULL,=0A= + NULL, &cbDecoded);=0A= + if (!ret) {=0A= + return -1;=0A= + }=0A= +=0A= + pbDecoded =3D malloc(cbDecoded);=0A= + if (!pbDecoded) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,=0A= + lpszStructType,=0A= + pbEncoded, cbEncoded, 0, NULL,=0A= + pbDecoded, &cbDecoded);=0A= + if (!ret) {=0A= + free(pbDecoded);=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + *ppbDecoded =3D pbDecoded;=0A= + *pcbDecoded =3D cbDecoded;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +static int=0A= +_libssh2_wincng_bn_ltob(unsigned char *pbInput,=0A= + unsigned long cbInput,=0A= + unsigned char **ppbOutput,=0A= + unsigned long *pcbOutput)=0A= +{=0A= + unsigned char *pbOutput;=0A= + unsigned long cbOutput, index, offset, length;=0A= +=0A= + if (cbInput < 1) {=0A= + return 0;=0A= + }=0A= +=0A= + offset =3D 0;=0A= + length =3D cbInput - 1;=0A= + cbOutput =3D cbInput;=0A= + if (pbInput[length] & (1 << 7)) {=0A= + offset++;=0A= + cbOutput++;=0A= + }=0A= +=0A= + pbOutput =3D malloc(cbOutput);=0A= + if (!pbOutput) {=0A= + return -1;=0A= + }=0A= +=0A= + pbOutput[0] =3D 0;=0A= + for (index =3D 0; index < cbInput; index++) {=0A= + pbOutput[index + offset] =3D pbInput[length - index];=0A= + }=0A= +=0A= +=0A= + *ppbOutput =3D pbOutput;=0A= + *pcbOutput =3D cbOutput;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +static int=0A= +_libssh2_wincng_asn_decode_bn(unsigned char *pbEncoded,=0A= + unsigned long cbEncoded,=0A= + unsigned char **ppbDecoded,=0A= + unsigned long *pcbDecoded)=0A= +{=0A= + unsigned char *pbDecoded, *pbInteger;=0A= + unsigned long cbDecoded, cbInteger;=0A= + int ret;=0A= +=0A= + ret =3D _libssh2_wincng_asn_decode(pbEncoded, cbEncoded,=0A= + X509_MULTI_BYTE_UINT,=0A= + &pbInteger, &cbInteger);=0A= + if (!ret) {=0A= + ret =3D = _libssh2_wincng_bn_ltob(((PCRYPT_DATA_BLOB)pbInteger)->pbData,=0A= + = ((PCRYPT_DATA_BLOB)pbInteger)->cbData,=0A= + &pbDecoded, &cbDecoded);=0A= + if (!ret) {=0A= + *ppbDecoded =3D pbDecoded;=0A= + *pcbDecoded =3D cbDecoded;=0A= + }=0A= + free(pbInteger);=0A= + }=0A= +=0A= + return ret;=0A= +}=0A= +=0A= +static int=0A= +_libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded,=0A= + unsigned long cbEncoded,=0A= + unsigned char ***prpbDecoded,=0A= + unsigned long **prcbDecoded,=0A= + unsigned long *pcbCount)=0A= +{=0A= + PCRYPT_DER_BLOB pBlob;=0A= + unsigned char *pbDecoded, **rpbDecoded;=0A= + unsigned long cbDecoded, *rcbDecoded, index, length;=0A= + int ret;=0A= +=0A= + ret =3D _libssh2_wincng_asn_decode(pbEncoded, cbEncoded,=0A= + X509_SEQUENCE_OF_ANY,=0A= + &pbDecoded, &cbDecoded);=0A= + if (!ret) {=0A= + length =3D ((PCRYPT_DATA_BLOB)pbDecoded)->cbData;=0A= +=0A= + rpbDecoded =3D malloc(sizeof(PBYTE) * length);=0A= + if (rpbDecoded) {=0A= + rcbDecoded =3D malloc(sizeof(DWORD) * length);=0A= + if (rcbDecoded) {=0A= + for (index =3D 0; index < length; index++) {=0A= + pBlob =3D &((PCRYPT_DER_BLOB)=0A= + = ((PCRYPT_DATA_BLOB)pbDecoded)->pbData)[index];=0A= + ret =3D _libssh2_wincng_asn_decode_bn(pBlob->pbData,=0A= + pBlob->cbData,=0A= + = &rpbDecoded[index],=0A= + = &rcbDecoded[index]);=0A= + if (ret)=0A= + break;=0A= + }=0A= +=0A= + if (ret) {=0A= + for (length =3D 0; length < index; length++) {=0A= + if (rpbDecoded[length]) {=0A= + free(rpbDecoded[length]);=0A= + rpbDecoded[length] =3D NULL;=0A= + }=0A= + }=0A= + } else {=0A= + *prpbDecoded =3D rpbDecoded;=0A= + *prcbDecoded =3D rcbDecoded;=0A= + *pcbCount =3D length;=0A= + }=0A= + } else {=0A= + free(rpbDecoded);=0A= + ret =3D -1;=0A= + }=0A= +=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= + free(pbDecoded);=0A= + }=0A= +=0A= + return ret;=0A= +}=0A= +#endif /* HAVE_LIBCRYPT32 */=0A= +=0A= +static unsigned long=0A= +_libssh2_wincng_bn_size(const unsigned char *bignum,=0A= + unsigned long length)=0A= +{=0A= + unsigned long offset;=0A= +=0A= + if (!bignum)=0A= + return 0;=0A= +=0A= + length--;=0A= +=0A= + offset =3D 0;=0A= + while (!(*(bignum + offset)) && (offset < length))=0A= + offset++;=0A= +=0A= + length++;=0A= +=0A= + return length - offset;=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: RSA functions=0A= + */=0A= +=0A= +int=0A= +_libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,=0A= + const unsigned char *edata,=0A= + unsigned long elen,=0A= + const unsigned char *ndata,=0A= + unsigned long nlen,=0A= + const unsigned char *ddata,=0A= + unsigned long dlen,=0A= + const unsigned char *pdata,=0A= + unsigned long plen,=0A= + const unsigned char *qdata,=0A= + unsigned long qlen,=0A= + const unsigned char *e1data,=0A= + unsigned long e1len,=0A= + const unsigned char *e2data,=0A= + unsigned long e2len,=0A= + const unsigned char *coeffdata,=0A= + unsigned long coefflen)=0A= +{=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + BCRYPT_RSAKEY_BLOB *rsakey;=0A= + LPCWSTR lpszBlobType;=0A= + unsigned char *key;=0A= + unsigned long keylen, offset, mlen, p1len, p2len;=0A= + int ret;=0A= +=0A= + mlen =3D max(_libssh2_wincng_bn_size(ndata, nlen),=0A= + _libssh2_wincng_bn_size(ddata, dlen));=0A= + offset =3D sizeof(BCRYPT_RSAKEY_BLOB);=0A= + keylen =3D offset + elen + mlen;=0A= + if (ddata && dlen > 0) {=0A= + p1len =3D max(_libssh2_wincng_bn_size(pdata, plen),=0A= + _libssh2_wincng_bn_size(e1data, e1len));=0A= + p2len =3D max(_libssh2_wincng_bn_size(qdata, qlen),=0A= + _libssh2_wincng_bn_size(e2data, e2len));=0A= + keylen +=3D p1len * 3 + p2len * 2 + mlen;=0A= + }=0A= +=0A= + key =3D malloc(keylen);=0A= + if (!key) {=0A= + return -1;=0A= + }=0A= +=0A= + memset(key, 0, keylen);=0A= +=0A= +=0A= + /* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx = */=0A= + rsakey =3D (BCRYPT_RSAKEY_BLOB *)key;=0A= + rsakey->BitLength =3D mlen * 8;=0A= + rsakey->cbPublicExp =3D elen;=0A= + rsakey->cbModulus =3D mlen;=0A= +=0A= + memcpy(key + offset, edata, elen);=0A= + offset +=3D elen;=0A= +=0A= + if (nlen < mlen)=0A= + memcpy(key + offset + mlen - nlen, ndata, nlen);=0A= + else=0A= + memcpy(key + offset, ndata + nlen - mlen, mlen);=0A= +=0A= + if (ddata && dlen > 0) {=0A= + offset +=3D mlen;=0A= +=0A= + if (plen < p1len)=0A= + memcpy(key + offset + p1len - plen, pdata, plen);=0A= + else=0A= + memcpy(key + offset, pdata + plen - p1len, p1len);=0A= + offset +=3D p1len;=0A= +=0A= + if (qlen < p2len)=0A= + memcpy(key + offset + p2len - qlen, qdata, qlen);=0A= + else=0A= + memcpy(key + offset, qdata + qlen - p2len, p2len);=0A= + offset +=3D p2len;=0A= +=0A= + if (e1len < p1len)=0A= + memcpy(key + offset + p1len - e1len, e1data, e1len);=0A= + else=0A= + memcpy(key + offset, e1data + e1len - p1len, p1len);=0A= + offset +=3D p1len;=0A= +=0A= + if (e2len < p2len)=0A= + memcpy(key + offset + p2len - e2len, e2data, e2len);=0A= + else=0A= + memcpy(key + offset, e2data + e2len - p2len, p2len);=0A= + offset +=3D p2len;=0A= +=0A= + if (coefflen < p1len)=0A= + memcpy(key + offset + p1len - coefflen, coeffdata, = coefflen);=0A= + else=0A= + memcpy(key + offset, coeffdata + coefflen - p1len, p1len);=0A= + offset +=3D p1len;=0A= +=0A= + if (dlen < mlen)=0A= + memcpy(key + offset + mlen - dlen, ddata, dlen);=0A= + else=0A= + memcpy(key + offset, ddata + dlen - mlen, mlen);=0A= +=0A= + lpszBlobType =3D BCRYPT_RSAFULLPRIVATE_BLOB;=0A= + rsakey->Magic =3D BCRYPT_RSAFULLPRIVATE_MAGIC;=0A= + rsakey->cbPrime1 =3D p1len;=0A= + rsakey->cbPrime2 =3D p2len;=0A= + } else {=0A= + lpszBlobType =3D BCRYPT_RSAPUBLIC_BLOB;=0A= + rsakey->Magic =3D BCRYPT_RSAPUBLIC_MAGIC;=0A= + rsakey->cbPrime1 =3D 0;=0A= + rsakey->cbPrime2 =3D 0;=0A= + }=0A= +=0A= +=0A= + ret =3D BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, = lpszBlobType,=0A= + &hKey, key, keylen, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + free(key);=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + *rsa =3D malloc(sizeof(libssh2_rsa_ctx));=0A= + if (!(*rsa)) {=0A= + BCryptDestroyKey(hKey);=0A= + free(key);=0A= + return -1;=0A= + }=0A= +=0A= + (*rsa)->hKey =3D hKey;=0A= + (*rsa)->pbKeyObject =3D key;=0A= + (*rsa)->cbKeyObject =3D keylen;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,=0A= + LIBSSH2_SESSION *session,=0A= + const char *filename,=0A= + const unsigned char *passphrase)=0A= +{=0A= +#ifdef HAVE_LIBCRYPT32=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + unsigned char *pbEncoded, *pbStructInfo;=0A= + unsigned long cbEncoded, cbStructInfo;=0A= + int ret;=0A= +=0A= + (void)session;=0A= +=0A= + ret =3D _libssh2_wincng_load_private(session, filename,=0A= + (const char *)passphrase,=0A= + &pbEncoded, &cbEncoded);=0A= + if (ret) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D _libssh2_wincng_asn_decode(pbEncoded, cbEncoded,=0A= + PKCS_RSA_PRIVATE_KEY,=0A= + &pbStructInfo, &cbStructInfo);=0A= +=0A= + free(pbEncoded);=0A= +=0A= + if (ret) {=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + ret =3D BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL,=0A= + LEGACY_RSAPRIVATE_BLOB, &hKey,=0A= + pbStructInfo, cbStructInfo, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + free(pbStructInfo);=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + *rsa =3D malloc(sizeof(libssh2_rsa_ctx));=0A= + if (!(*rsa)) {=0A= + BCryptDestroyKey(hKey);=0A= + free(pbStructInfo);=0A= + return -1;=0A= + }=0A= +=0A= + (*rsa)->hKey =3D hKey;=0A= + (*rsa)->pbKeyObject =3D pbStructInfo;=0A= + (*rsa)->cbKeyObject =3D cbStructInfo;=0A= +=0A= + return 0;=0A= +#else=0A= + (void)rsa;=0A= + (void)filename;=0A= + (void)passphrase;=0A= +=0A= + return _libssh2_error(session, LIBSSH2_ERROR_FILE,=0A= + "Unable to load RSA key from private key = file: "=0A= + "Method unsupported in Windows CNG backend");=0A= +#endif /* HAVE_LIBCRYPT32 */=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_rsa_sha1_verify(libssh2_rsa_ctx *rsa,=0A= + const unsigned char *sig,=0A= + unsigned long sig_len,=0A= + const unsigned char *m,=0A= + unsigned long m_len)=0A= +{=0A= + return _libssh2_wincng_key_sha1_verify(rsa, sig, sig_len, m, m_len,=0A= + BCRYPT_PAD_PKCS1);=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session,=0A= + libssh2_rsa_ctx *rsa,=0A= + const unsigned char *hash,=0A= + size_t hash_len,=0A= + unsigned char **signature,=0A= + size_t *signature_len)=0A= +{=0A= + BCRYPT_PKCS1_PADDING_INFO paddingInfo;=0A= + unsigned char *data, *sig;=0A= + unsigned long cbData, datalen, siglen;=0A= + int ret;=0A= +=0A= + datalen =3D (unsigned long)hash_len;=0A= + data =3D malloc(datalen);=0A= + if (!data) {=0A= + return -1;=0A= + }=0A= +=0A= + paddingInfo.pszAlgId =3D BCRYPT_SHA1_ALGORITHM;=0A= +=0A= + memcpy(data, hash, datalen);=0A= +=0A= + ret =3D BCryptSignHash(rsa->hKey, &paddingInfo,=0A= + data, datalen, NULL, 0,=0A= + &cbData, BCRYPT_PAD_PKCS1);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + siglen =3D cbData;=0A= + sig =3D LIBSSH2_ALLOC(session, siglen);=0A= + if (sig) {=0A= + ret =3D BCryptSignHash(rsa->hKey, &paddingInfo,=0A= + data, datalen, sig, siglen,=0A= + &cbData, BCRYPT_PAD_PKCS1);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + *signature_len =3D siglen;=0A= + *signature =3D sig;=0A= + } else {=0A= + LIBSSH2_FREE(session, sig);=0A= + }=0A= + } else=0A= + ret =3D STATUS_NO_MEMORY;=0A= + }=0A= +=0A= + free(data);=0A= +=0A= + return ret =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa)=0A= +{=0A= + if (!rsa)=0A= + return;=0A= +=0A= + BCryptDestroyKey(rsa->hKey);=0A= +=0A= + if (rsa->pbKeyObject)=0A= + free(rsa->pbKeyObject);=0A= +=0A= + memset(rsa, 0, sizeof(libssh2_rsa_ctx));=0A= + free(rsa);=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: DSA functions=0A= + */=0A= +=0A= +#if LIBSSH2_DSA=0A= +int=0A= +_libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,=0A= + const unsigned char *pdata,=0A= + unsigned long plen,=0A= + const unsigned char *qdata,=0A= + unsigned long qlen,=0A= + const unsigned char *gdata,=0A= + unsigned long glen,=0A= + const unsigned char *ydata,=0A= + unsigned long ylen,=0A= + const unsigned char *xdata,=0A= + unsigned long xlen)=0A= +{=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + BCRYPT_DSA_KEY_BLOB *dsakey;=0A= + LPCWSTR lpszBlobType;=0A= + unsigned char *key;=0A= + unsigned long keylen, offset, length;=0A= + int ret;=0A= +=0A= + length =3D max(max(_libssh2_wincng_bn_size(pdata, plen),=0A= + _libssh2_wincng_bn_size(gdata, glen)),=0A= + _libssh2_wincng_bn_size(ydata, ylen));=0A= + offset =3D sizeof(BCRYPT_DSA_KEY_BLOB);=0A= + keylen =3D offset + length * 3;=0A= + if (xdata && xlen > 0)=0A= + keylen +=3D 20;=0A= +=0A= + key =3D malloc(keylen);=0A= + if (!key) {=0A= + return -1;=0A= + }=0A= +=0A= + memset(key, 0, keylen);=0A= +=0A= +=0A= + /* http://msdn.microsoft.com/library/windows/desktop/aa833126.aspx = */=0A= + dsakey =3D (BCRYPT_DSA_KEY_BLOB *)key;=0A= + dsakey->cbKey =3D length;=0A= +=0A= + memset(dsakey->Count, -1, sizeof(dsakey->Count));=0A= + memset(dsakey->Seed, -1, sizeof(dsakey->Seed));=0A= +=0A= + if (qlen < 20)=0A= + memcpy(dsakey->q + 20 - qlen, qdata, qlen);=0A= + else=0A= + memcpy(dsakey->q, qdata + qlen - 20, 20);=0A= +=0A= + if (plen < length)=0A= + memcpy(key + offset + length - plen, pdata, plen);=0A= + else=0A= + memcpy(key + offset, pdata + plen - length, length);=0A= + offset +=3D length;=0A= +=0A= + if (glen < length)=0A= + memcpy(key + offset + length - glen, gdata, glen);=0A= + else=0A= + memcpy(key + offset, gdata + glen - length, length);=0A= + offset +=3D length;=0A= +=0A= + if (ylen < length)=0A= + memcpy(key + offset + length - ylen, ydata, ylen);=0A= + else=0A= + memcpy(key + offset, ydata + ylen - length, length);=0A= +=0A= + if (xdata && xlen > 0) {=0A= + offset +=3D length;=0A= +=0A= + if (xlen < 20)=0A= + memcpy(key + offset + 20 - xlen, xdata, xlen);=0A= + else=0A= + memcpy(key + offset, xdata + xlen - 20, 20);=0A= +=0A= + lpszBlobType =3D BCRYPT_DSA_PRIVATE_BLOB;=0A= + dsakey->dwMagic =3D BCRYPT_DSA_PRIVATE_MAGIC;=0A= + } else {=0A= + lpszBlobType =3D BCRYPT_DSA_PUBLIC_BLOB;=0A= + dsakey->dwMagic =3D BCRYPT_DSA_PUBLIC_MAGIC;=0A= + }=0A= +=0A= +=0A= + ret =3D BCryptImportKeyPair(_libssh2_wincng.hAlgDSA, NULL, = lpszBlobType,=0A= + &hKey, key, keylen, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + free(key);=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + *dsa =3D malloc(sizeof(libssh2_dsa_ctx));=0A= + if (!(*dsa)) {=0A= + BCryptDestroyKey(hKey);=0A= + free(key);=0A= + return -1;=0A= + }=0A= +=0A= + (*dsa)->hKey =3D hKey;=0A= + (*dsa)->pbKeyObject =3D key;=0A= + (*dsa)->cbKeyObject =3D keylen;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,=0A= + LIBSSH2_SESSION *session,=0A= + const char *filename,=0A= + const unsigned char *passphrase)=0A= +{=0A= +#ifdef HAVE_LIBCRYPT32=0A= + unsigned char *pbEncoded, **rpbDecoded;=0A= + unsigned long cbEncoded, *rcbDecoded, index, length;=0A= + int ret;=0A= +=0A= + (void)session;=0A= +=0A= + ret =3D _libssh2_wincng_load_private(session, filename,=0A= + (const char *)passphrase,=0A= + &pbEncoded, &cbEncoded);=0A= + if (ret) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded,=0A= + &rpbDecoded, &rcbDecoded, = &length);=0A= +=0A= + free(pbEncoded);=0A= +=0A= + if (ret) {=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + if (length =3D=3D 6) {=0A= + ret =3D _libssh2_wincng_dsa_new(dsa,=0A= + rpbDecoded[1], rcbDecoded[1],=0A= + rpbDecoded[2], rcbDecoded[2],=0A= + rpbDecoded[3], rcbDecoded[3],=0A= + rpbDecoded[4], rcbDecoded[4],=0A= + rpbDecoded[5], rcbDecoded[5]);=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= + for (index =3D 0; index < length; index++) {=0A= + if (rpbDecoded[index]) {=0A= + free(rpbDecoded[index]);=0A= + rpbDecoded[index] =3D NULL;=0A= + }=0A= + }=0A= +=0A= + free(rpbDecoded);=0A= + free(rcbDecoded);=0A= +=0A= + return ret;=0A= +#else=0A= + (void)dsa;=0A= + (void)filename;=0A= + (void)passphrase;=0A= +=0A= + return _libssh2_error(session, LIBSSH2_ERROR_FILE,=0A= + "Unable to load DSA key from private key = file: "=0A= + "Method unsupported in Windows CNG backend");=0A= +#endif /* HAVE_LIBCRYPT32 */=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_dsa_sha1_verify(libssh2_dsa_ctx *dsa,=0A= + const unsigned char *sig_fixed,=0A= + const unsigned char *m,=0A= + unsigned long m_len)=0A= +{=0A= + return _libssh2_wincng_key_sha1_verify(dsa, sig_fixed, 40, m, = m_len, 0);=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa,=0A= + const unsigned char *hash,=0A= + unsigned long hash_len,=0A= + unsigned char *sig_fixed)=0A= +{=0A= + unsigned char *data, *sig;=0A= + unsigned long cbData, datalen, siglen;=0A= + int ret;=0A= +=0A= + datalen =3D hash_len;=0A= + data =3D malloc(datalen);=0A= + if (!data) {=0A= + return -1;=0A= + }=0A= +=0A= + memcpy(data, hash, datalen);=0A= +=0A= + ret =3D BCryptSignHash(dsa->hKey, NULL, data, datalen,=0A= + NULL, 0, &cbData, 0);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + siglen =3D cbData;=0A= + if (siglen =3D=3D 40) {=0A= + sig =3D malloc(siglen);=0A= + if (sig) {=0A= + ret =3D BCryptSignHash(dsa->hKey, NULL, data, datalen,=0A= + sig, siglen, &cbData, 0);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + memcpy(sig_fixed, sig, siglen);=0A= + }=0A= +=0A= + free(sig);=0A= + } else=0A= + ret =3D STATUS_NO_MEMORY;=0A= + } else=0A= + ret =3D STATUS_NO_MEMORY;=0A= + }=0A= +=0A= + free(data);=0A= +=0A= + return ret =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa)=0A= +{=0A= + if (!dsa)=0A= + return;=0A= +=0A= + BCryptDestroyKey(dsa->hKey);=0A= +=0A= + if (dsa->pbKeyObject)=0A= + free(dsa->pbKeyObject);=0A= +=0A= + memset(dsa, 0, sizeof(libssh2_dsa_ctx));=0A= + free(dsa);=0A= +}=0A= +#endif=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Key functions=0A= + */=0A= +=0A= +static unsigned long=0A= +_libssh2_wincng_pub_priv_write(unsigned char *key,=0A= + unsigned long offset,=0A= + const unsigned char *bignum,=0A= + const unsigned long length)=0A= +{=0A= + _libssh2_htonu32(key + offset, length);=0A= + offset +=3D 4;=0A= +=0A= + memcpy(key + offset, bignum, length);=0A= + offset +=3D length;=0A= +=0A= + return offset;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,=0A= + unsigned char **method,=0A= + size_t *method_len,=0A= + unsigned char **pubkeydata,=0A= + size_t *pubkeydata_len,=0A= + const char *privatekey,=0A= + const char *passphrase)=0A= +{=0A= +#ifdef HAVE_LIBCRYPT32=0A= + unsigned char *pbEncoded, **rpbDecoded;=0A= + unsigned long cbEncoded, *rcbDecoded;=0A= + unsigned char *key, *mth;=0A= + unsigned long keylen, mthlen, index, offset, length;=0A= + int ret;=0A= +=0A= + ret =3D _libssh2_wincng_load_private(session, privatekey, = passphrase,=0A= + &pbEncoded, &cbEncoded);=0A= + if (ret) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded,=0A= + &rpbDecoded, &rcbDecoded, = &length);=0A= +=0A= + free(pbEncoded);=0A= +=0A= + if (ret) {=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + if (length =3D=3D 9) { /* private RSA key */=0A= + mthlen =3D 7;=0A= + mth =3D LIBSSH2_ALLOC(session, mthlen);=0A= + if (mth) {=0A= + memcpy(mth, "ssh-rsa", mthlen);=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= +=0A= + keylen =3D 4 + mthlen + 4 + rcbDecoded[2] + 4 + rcbDecoded[1];=0A= + key =3D LIBSSH2_ALLOC(session, keylen);=0A= + if (key) {=0A= + offset =3D _libssh2_wincng_pub_priv_write(key, 0, mth, = mthlen);=0A= +=0A= + offset =3D _libssh2_wincng_pub_priv_write(key, offset,=0A= + rpbDecoded[2],=0A= + rcbDecoded[2]);=0A= +=0A= + _libssh2_wincng_pub_priv_write(key, offset,=0A= + rpbDecoded[1],=0A= + rcbDecoded[1]);=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= + } else if (length =3D=3D 6) { /* private DSA key */=0A= + mthlen =3D 7;=0A= + mth =3D LIBSSH2_ALLOC(session, mthlen);=0A= + if (mth) {=0A= + memcpy(mth, "ssh-dss", mthlen);=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= + keylen =3D 4 + mthlen + 4 + rcbDecoded[1] + 4 + rcbDecoded[2]=0A= + + 4 + rcbDecoded[3] + 4 + rcbDecoded[4];=0A= + key =3D LIBSSH2_ALLOC(session, keylen);=0A= + if (key) {=0A= + offset =3D _libssh2_wincng_pub_priv_write(key, 0, mth, = mthlen);=0A= +=0A= + offset =3D _libssh2_wincng_pub_priv_write(key, offset,=0A= + rpbDecoded[1],=0A= + rcbDecoded[1]);=0A= +=0A= + offset =3D _libssh2_wincng_pub_priv_write(key, offset,=0A= + rpbDecoded[2],=0A= + rcbDecoded[2]);=0A= +=0A= + offset =3D _libssh2_wincng_pub_priv_write(key, offset,=0A= + rpbDecoded[3],=0A= + rcbDecoded[3]);=0A= +=0A= + _libssh2_wincng_pub_priv_write(key, offset,=0A= + rpbDecoded[4],=0A= + rcbDecoded[4]);=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= + } else {=0A= + ret =3D -1;=0A= + }=0A= +=0A= +=0A= + for (index =3D 0; index < length; index++) {=0A= + if (rpbDecoded[index]) {=0A= + free(rpbDecoded[index]);=0A= + rpbDecoded[index] =3D NULL;=0A= + }=0A= + }=0A= +=0A= + free(rpbDecoded);=0A= + free(rcbDecoded);=0A= +=0A= +=0A= + if (ret) {=0A= + if (mth)=0A= + LIBSSH2_FREE(session, mth);=0A= + if (key)=0A= + LIBSSH2_FREE(session, key);=0A= + } else {=0A= + *method =3D mth;=0A= + *method_len =3D mthlen;=0A= + *pubkeydata =3D key;=0A= + *pubkeydata_len =3D keylen;=0A= + }=0A= +=0A= + return ret;=0A= +#else=0A= + (void)method;=0A= + (void)method_len;=0A= + (void)pubkeydata;=0A= + (void)pubkeydata_len;=0A= + (void)privatekey;=0A= + (void)passphrase;=0A= +=0A= + return _libssh2_error(session, LIBSSH2_ERROR_FILE,=0A= + "Unable to load public key from private key = file: "=0A= + "Method unsupported in Windows CNG backend");=0A= +#endif /* HAVE_LIBCRYPT32 */=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Cipher functions=0A= + */=0A= +=0A= +int=0A= +_libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx,=0A= + _libssh2_cipher_type(type),=0A= + unsigned char *iv,=0A= + unsigned char *secret,=0A= + int encrypt)=0A= +{=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + BCRYPT_KEY_DATA_BLOB_HEADER *header;=0A= + unsigned char *pbKeyObject, *pbIV, *key;=0A= + unsigned long dwKeyObject, dwIV, dwBlockLength, cbData, keylen;=0A= + int ret;=0A= +=0A= + (void)encrypt;=0A= +=0A= + ret =3D BCryptGetProperty(*type.phAlg, BCRYPT_OBJECT_LENGTH,=0A= + (unsigned char *)&dwKeyObject,=0A= + sizeof(dwKeyObject),=0A= + &cbData, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + return -1;=0A= + }=0A= +=0A= + ret =3D BCryptGetProperty(*type.phAlg, BCRYPT_BLOCK_LENGTH,=0A= + (unsigned char *)&dwBlockLength,=0A= + sizeof(dwBlockLength),=0A= + &cbData, 0);=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + return -1;=0A= + }=0A= +=0A= + pbKeyObject =3D malloc(dwKeyObject);=0A= + if (!pbKeyObject) {=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + keylen =3D sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + type.dwKeyLength;=0A= + key =3D malloc(keylen);=0A= + if (!key) {=0A= + free(pbKeyObject);=0A= + return -1;=0A= + }=0A= +=0A= +=0A= + header =3D (BCRYPT_KEY_DATA_BLOB_HEADER *)key;=0A= + header->dwMagic =3D BCRYPT_KEY_DATA_BLOB_MAGIC;=0A= + header->dwVersion =3D BCRYPT_KEY_DATA_BLOB_VERSION1;=0A= + header->cbKeyData =3D type.dwKeyLength;=0A= +=0A= + memcpy(key + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER),=0A= + secret, type.dwKeyLength);=0A= +=0A= + ret =3D BCryptImportKey(*type.phAlg, NULL, BCRYPT_KEY_DATA_BLOB, = &hKey,=0A= + pbKeyObject, dwKeyObject, key, keylen, 0);=0A= +=0A= + free(key);=0A= +=0A= + if (ret !=3D STATUS_SUCCESS) {=0A= + free(pbKeyObject);=0A= + return -1;=0A= + }=0A= +=0A= + if (type.dwUseIV) {=0A= + pbIV =3D malloc(dwBlockLength);=0A= + if (!pbIV) {=0A= + BCryptDestroyKey(hKey);=0A= + free(pbKeyObject);=0A= + return -1;=0A= + }=0A= + dwIV =3D dwBlockLength;=0A= + memcpy(pbIV, iv, dwIV);=0A= + } else {=0A= + pbIV =3D NULL;=0A= + dwIV =3D 0;=0A= + }=0A= +=0A= +=0A= + ctx->hKey =3D hKey;=0A= + ctx->pbKeyObject =3D pbKeyObject;=0A= + ctx->pbIV =3D pbIV;=0A= + ctx->dwKeyObject =3D dwKeyObject;=0A= + ctx->dwIV =3D dwIV;=0A= + ctx->dwBlockLength =3D dwBlockLength;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_cipher_crypt(_libssh2_cipher_ctx *ctx,=0A= + _libssh2_cipher_type(type),=0A= + int encrypt,=0A= + unsigned char *block,=0A= + size_t blocklen)=0A= +{=0A= + unsigned char *pbOutput;=0A= + unsigned long cbOutput;=0A= + int ret;=0A= +=0A= + (void)type;=0A= +=0A= + if (encrypt) {=0A= + ret =3D BCryptEncrypt(ctx->hKey, block, (ULONG)blocklen, NULL,=0A= + ctx->pbIV, ctx->dwIV, NULL, 0, &cbOutput, = 0);=0A= + } else {=0A= + ret =3D BCryptDecrypt(ctx->hKey, block, (ULONG)blocklen, NULL,=0A= + ctx->pbIV, ctx->dwIV, NULL, 0, &cbOutput, = 0);=0A= + }=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + pbOutput =3D malloc(cbOutput);=0A= + if (pbOutput) {=0A= + if (encrypt) {=0A= + ret =3D BCryptEncrypt(ctx->hKey, block, = (ULONG)blocklen, NULL,=0A= + ctx->pbIV, ctx->dwIV,=0A= + pbOutput, cbOutput, &cbOutput, 0);=0A= + } else {=0A= + ret =3D BCryptDecrypt(ctx->hKey, block, = (ULONG)blocklen, NULL,=0A= + ctx->pbIV, ctx->dwIV,=0A= + pbOutput, cbOutput, &cbOutput, 0);=0A= + }=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + memcpy(block, pbOutput, cbOutput);=0A= + }=0A= +=0A= + free(pbOutput);=0A= + } else=0A= + ret =3D STATUS_NO_MEMORY;=0A= + }=0A= +=0A= + return ret =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx)=0A= +{=0A= + BCryptDestroyKey(ctx->hKey);=0A= +=0A= + if (ctx->pbKeyObject) {=0A= + free(ctx->pbKeyObject);=0A= + ctx->pbKeyObject =3D NULL;=0A= + }=0A= +=0A= + memset(ctx, 0, sizeof(_libssh2_cipher_ctx));=0A= +}=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: BigNumber functions=0A= + */=0A= +=0A= +_libssh2_bn *=0A= +_libssh2_wincng_bignum_init(void)=0A= +{=0A= + _libssh2_bn *bignum;=0A= +=0A= + bignum =3D malloc(sizeof(_libssh2_bn));=0A= + bignum->bignum =3D NULL;=0A= + bignum->length =3D 0;=0A= +=0A= + return bignum;=0A= +}=0A= +=0A= +static int=0A= +_libssh2_wincng_bignum_resize(_libssh2_bn *bn, unsigned long length)=0A= +{=0A= + unsigned char *bignum;=0A= +=0A= + if (!bn)=0A= + return -1;=0A= +=0A= + if (length =3D=3D bn->length)=0A= + return 0;=0A= +=0A= + bignum =3D realloc(bn->bignum, length);=0A= + if (!bignum)=0A= + return -1;=0A= +=0A= + bn->bignum =3D bignum;=0A= + bn->length =3D length;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_bignum_rand(_libssh2_bn *rnd, int bits, int top, int = bottom)=0A= +{=0A= + unsigned char *bignum;=0A= + unsigned long length;=0A= +=0A= + if (!rnd)=0A= + return -1;=0A= +=0A= + length =3D (unsigned long)(ceil((float)bits / 8) * sizeof(unsigned = char));=0A= + if (_libssh2_wincng_bignum_resize(rnd, length))=0A= + return -1;=0A= +=0A= + bignum =3D rnd->bignum;=0A= +=0A= + if (_libssh2_wincng_random(bignum, length))=0A= + return -1;=0A= +=0A= + /* calculate significant bits in most significant byte */=0A= + bits %=3D 8;=0A= +=0A= + /* fill most significant byte with zero padding */=0A= + bignum[0] &=3D (1 << (8 - bits)) - 1;=0A= +=0A= + /* set some special last bits in most significant byte */=0A= + if (top =3D=3D 0)=0A= + bignum[0] |=3D (1 << (7 - bits));=0A= + else if (top =3D=3D 1)=0A= + bignum[0] |=3D (3 << (6 - bits));=0A= +=0A= + /* make odd by setting first bit in least significant byte */=0A= + if (bottom)=0A= + bignum[length - 1] |=3D 1;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,=0A= + _libssh2_bn *a,=0A= + _libssh2_bn *p,=0A= + _libssh2_bn *m,=0A= + _libssh2_bn_ctx *bnctx)=0A= +{=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + BCRYPT_RSAKEY_BLOB *rsakey;=0A= + unsigned char *key, *bignum;=0A= + unsigned long keylen, offset, length;=0A= + int ret;=0A= +=0A= + (void)bnctx;=0A= +=0A= + if (!r || !a || !p || !m)=0A= + return -1;=0A= +=0A= + offset =3D sizeof(BCRYPT_RSAKEY_BLOB);=0A= + keylen =3D offset + p->length + m->length;=0A= +=0A= + key =3D malloc(keylen);=0A= + if (!key)=0A= + return -1;=0A= +=0A= +=0A= + /* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx = */=0A= + rsakey =3D (BCRYPT_RSAKEY_BLOB *)key;=0A= + rsakey->Magic =3D BCRYPT_RSAPUBLIC_MAGIC;=0A= + rsakey->BitLength =3D m->length * 8;=0A= + rsakey->cbPublicExp =3D p->length;=0A= + rsakey->cbModulus =3D m->length;=0A= + rsakey->cbPrime1 =3D 0;=0A= + rsakey->cbPrime2 =3D 0;=0A= +=0A= + memcpy(key + offset, p->bignum, p->length);=0A= + offset +=3D p->length;=0A= +=0A= + memcpy(key + offset, m->bignum, m->length);=0A= +=0A= + ret =3D BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL,=0A= + BCRYPT_RSAPUBLIC_BLOB, &hKey, key, keylen,=0A= + BCRYPT_NO_KEY_VALIDATION);=0A= +=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + ret =3D BCryptEncrypt(hKey, a->bignum, a->length, NULL, NULL, 0,=0A= + NULL, 0, &length, BCRYPT_PAD_NONE);=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + if (!_libssh2_wincng_bignum_resize(r, length)) {=0A= + length =3D max(a->length, length);=0A= + bignum =3D malloc(length);=0A= + if (bignum) {=0A= + offset =3D length - a->length;=0A= + memset(bignum, 0, offset);=0A= + memcpy(bignum + offset, a->bignum, a->length);=0A= +=0A= + ret =3D BCryptEncrypt(hKey, bignum, length, NULL, = NULL, 0,=0A= + r->bignum, r->length, &offset,=0A= + BCRYPT_PAD_NONE);=0A= +=0A= + free(bignum);=0A= +=0A= + if (ret =3D=3D STATUS_SUCCESS) {=0A= + _libssh2_wincng_bignum_resize(r, offset);=0A= + }=0A= + } else=0A= + ret =3D STATUS_NO_MEMORY;=0A= + } else=0A= + ret =3D STATUS_NO_MEMORY;=0A= + }=0A= +=0A= + BCryptDestroyKey(hKey);=0A= + }=0A= +=0A= + free(key);=0A= +=0A= + return ret =3D=3D STATUS_SUCCESS ? 0 : -1;=0A= +}=0A= +=0A= +int=0A= +_libssh2_wincng_bignum_set_word(_libssh2_bn *bn, unsigned long word)=0A= +{=0A= + unsigned long offset, number, bits =3D 0, length;=0A= +=0A= + if (!bn)=0A= + return -1;=0A= +=0A= + number =3D word;=0A= + while (number >>=3D 1)=0A= + bits++;=0A= +=0A= + length =3D (unsigned long)(ceil((double)(bits + 1) / 8) * (unsigned = long)sizeof(unsigned char));=0A= + if (_libssh2_wincng_bignum_resize(bn, length))=0A= + return -1;=0A= +=0A= + for (offset =3D 0; offset < length; offset++)=0A= + bn->bignum[offset] =3D (word >> (offset * 8)) & 0xff;=0A= +=0A= + return 0;=0A= +}=0A= +=0A= +unsigned long=0A= +_libssh2_wincng_bignum_bits(const _libssh2_bn *bn)=0A= +{=0A= + unsigned char number;=0A= + unsigned long offset, length, bits;=0A= +=0A= + if (!bn)=0A= + return 0;=0A= +=0A= + length =3D bn->length - 1;=0A= +=0A= + offset =3D 0;=0A= + while (!(*(bn->bignum + offset)) && (offset < length))=0A= + offset++;=0A= +=0A= + bits =3D (length - offset) * 8;=0A= + number =3D bn->bignum[offset];=0A= +=0A= + while (number >>=3D 1)=0A= + bits++;=0A= +=0A= + bits++;=0A= +=0A= + return bits;=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len,=0A= + const unsigned char *bin)=0A= +{=0A= + unsigned char *bignum;=0A= + unsigned long offset, length, bits;=0A= +=0A= + if (bn && bin && len > 0) {=0A= + if (!_libssh2_wincng_bignum_resize(bn, len)) {=0A= + memcpy(bn->bignum, bin, len);=0A= +=0A= + bits =3D _libssh2_wincng_bignum_bits(bn);=0A= + length =3D (unsigned long)(ceil((double)bits / 8) * sizeof(unsigned = char));=0A= +=0A= + offset =3D bn->length - length;=0A= + if (offset > 0) {=0A= + memmove(bn->bignum, bn->bignum + offset, length);=0A= +=0A= + bignum =3D realloc(bn->bignum, length);=0A= + if (bignum) {=0A= + bn->bignum =3D bignum;=0A= + bn->length =3D length;=0A= + }=0A= + }=0A= + }=0A= + }=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_bignum_to_bin(const _libssh2_bn *bn, unsigned char *bin)=0A= +{=0A= + if (bin && bn && bn->bignum && bn->length > 0) {=0A= + memcpy(bin, bn->bignum, bn->length);=0A= + }=0A= +}=0A= +=0A= +void=0A= +_libssh2_wincng_bignum_free(_libssh2_bn *bn)=0A= +{=0A= + if (bn) {=0A= + if (bn->bignum) {=0A= + free(bn->bignum);=0A= + bn->bignum =3D NULL;=0A= + }=0A= + bn->length =3D 0;=0A= + free(bn);=0A= + }=0A= +}=0A= +=0A= +=0A= +/*=0A= + * Windows CNG backend: other functions=0A= + */=0A= +=0A= +void _libssh2_init_aes_ctr(void)=0A= +{=0A= + /* no implementation */=0A= + (void)0;=0A= +}=0A= +=0A= +#endif /* LIBSSH2_WINCNG */=0A= diff --git a/src/wincng.h b/src/wincng.h=0A= new file mode 100644=0A= index 0000000..e3ed4a0=0A= --- /dev/null=0A= +++ b/src/wincng.h=0A= @@ -0,0 +1,367 @@=0A= +/*=0A= + * Copyright (C) 2013 Marc Hoersken =0A= + * All rights reserved.=0A= + *=0A= + * Redistribution and use in source and binary forms,=0A= + * with or without modification, are permitted provided=0A= + * that the following conditions are met:=0A= + *=0A= + * Redistributions of source code must retain the above=0A= + * copyright notice, this list of conditions and the=0A= + * following disclaimer.=0A= + *=0A= + * Redistributions in binary form must reproduce the above=0A= + * copyright notice, this list of conditions and the following=0A= + * disclaimer in the documentation and/or other materials=0A= + * provided with the distribution.=0A= + *=0A= + * Neither the name of the copyright holder nor the names=0A= + * of any other contributors may be used to endorse or=0A= + * promote products derived from this software without=0A= + * specific prior written permission.=0A= + *=0A= + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND=0A= + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,=0A= + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES=0A= + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE=0A= + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR=0A= + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,=0A= + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,=0A= + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR=0A= + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS=0A= + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,=0A= + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING=0A= + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE=0A= + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY=0A= + * OF SUCH DAMAGE.=0A= + */=0A= +=0A= +#undef _WIN32_WINNT=0A= +#define _WIN32_WINNT 0x0600=0A= +=0A= +#ifndef STATUS_SUCCESS=0A= +#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)=0A= +#endif=0A= +=0A= +#ifdef HAVE_WINDOWS_H=0A= +#include =0A= +#endif=0A= +#ifdef HAVE_NTDEF_H=0A= +#include =0A= +#endif=0A= +#ifdef HAVE_NTSTATUS_H=0A= +#include =0A= +#endif=0A= +=0A= +#include =0A= +=0A= +=0A= +#define LIBSSH2_MD5 1=0A= +=0A= +#define LIBSSH2_HMAC_RIPEMD 0=0A= +=0A= +#define LIBSSH2_AES 1=0A= +#define LIBSSH2_AES_CTR 0=0A= +#define LIBSSH2_BLOWFISH 0=0A= +#define LIBSSH2_RC4 1=0A= +#define LIBSSH2_CAST 0=0A= +#define LIBSSH2_3DES 1=0A= +=0A= +#define LIBSSH2_RSA 1=0A= +#define LIBSSH2_DSA 1=0A= +=0A= +#define MD5_DIGEST_LENGTH 16=0A= +#define SHA_DIGEST_LENGTH 20=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Global context handles=0A= + */=0A= +=0A= +struct _libssh2_wincng_ctx {=0A= + BCRYPT_ALG_HANDLE hAlgRNG;=0A= + BCRYPT_ALG_HANDLE hAlgHashMD5;=0A= + BCRYPT_ALG_HANDLE hAlgHashSHA1;=0A= + BCRYPT_ALG_HANDLE hAlgHmacMD5;=0A= + BCRYPT_ALG_HANDLE hAlgHmacSHA1;=0A= + BCRYPT_ALG_HANDLE hAlgRSA;=0A= + BCRYPT_ALG_HANDLE hAlgDSA;=0A= + BCRYPT_ALG_HANDLE hAlgAES_CBC;=0A= + BCRYPT_ALG_HANDLE hAlgRC4_NA;=0A= + BCRYPT_ALG_HANDLE hAlg3DES_CBC;=0A= +};=0A= +=0A= +struct _libssh2_wincng_ctx _libssh2_wincng;=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Generic functions=0A= + */=0A= +=0A= +void _libssh2_wincng_init(void);=0A= +void _libssh2_wincng_free(void);=0A= +=0A= +#define libssh2_crypto_init() \=0A= + _libssh2_wincng_init()=0A= +#define libssh2_crypto_exit() \=0A= + _libssh2_wincng_free()=0A= +=0A= +#define _libssh2_random(buf, len) \=0A= + _libssh2_wincng_random(buf, len)=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Hash structure=0A= + */=0A= +=0A= +struct _libssh2_wincng_hash_ctx {=0A= + BCRYPT_HASH_HANDLE hHash;=0A= + unsigned char *pbHashObject;=0A= + unsigned long dwHashObject;=0A= + unsigned long cbHash;=0A= +};=0A= +=0A= +#define _libssh2_wincng_hash_ctx struct _libssh2_wincng_hash_ctx=0A= +=0A= +/*=0A= + * Windows CNG backend: Hash functions=0A= + */=0A= +=0A= +#define libssh2_sha1_ctx _libssh2_wincng_hash_ctx=0A= +#define libssh2_sha1_init(ctx) \=0A= + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA1, \=0A= + SHA_DIGEST_LENGTH, NULL, 0)=0A= +#define libssh2_sha1_update(ctx, data, datalen) \=0A= + _libssh2_wincng_hash_update(&ctx, data, datalen)=0A= +#define libssh2_sha1_final(ctx, hash) \=0A= + _libssh2_wincng_hash_final(&ctx, hash)=0A= +#define libssh2_sha1(data, datalen, hash) \=0A= + _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA1, \=0A= + hash, SHA_DIGEST_LENGTH)=0A= +=0A= +#define libssh2_md5_ctx _libssh2_wincng_hash_ctx=0A= +#define libssh2_md5_init(ctx) \=0A= + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashMD5, \=0A= + MD5_DIGEST_LENGTH, NULL, 0)=0A= +#define libssh2_md5_update(ctx, data, datalen) \=0A= + _libssh2_wincng_hash_update(&ctx, data, datalen)=0A= +#define libssh2_md5_final(ctx, hash) \=0A= + _libssh2_wincng_hash_final(&ctx, hash)=0A= +#define libssh2_md5(data, datalen, hash) \=0A= + _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashMD5, \=0A= + hash, MD5_DIGEST_LENGTH)=0A= +=0A= +/*=0A= + * Windows CNG backend: HMAC functions=0A= + */=0A= +=0A= +#define libssh2_hmac_ctx _libssh2_wincng_hash_ctx=0A= +#define libssh2_hmac_sha1_init(ctx, key, keylen) \=0A= + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacSHA1, \=0A= + SHA_DIGEST_LENGTH, key, keylen)=0A= +#define libssh2_hmac_md5_init(ctx, key, keylen) \=0A= + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacMD5, \=0A= + MD5_DIGEST_LENGTH, key, keylen)=0A= +#define libssh2_hmac_ripemd160_init(ctx, key, keylen)=0A= + /* not implemented */=0A= +#define libssh2_hmac_update(ctx, data, datalen) \=0A= + _libssh2_wincng_hash_update(&ctx, data, datalen)=0A= +#define libssh2_hmac_final(ctx, hash) \=0A= + _libssh2_wincng_hmac_final(&ctx, hash)=0A= +#define libssh2_hmac_cleanup(ctx) \=0A= + _libssh2_wincng_hmac_cleanup(ctx)=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Key Context structure=0A= + */=0A= +=0A= +struct _libssh2_wincng_key_ctx {=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + unsigned char *pbKeyObject;=0A= + unsigned long cbKeyObject;=0A= +};=0A= +=0A= +#define _libssh2_wincng_key_ctx struct _libssh2_wincng_key_ctx=0A= +=0A= +/*=0A= + * Windows CNG backend: RSA functions=0A= + */=0A= +=0A= +#define libssh2_rsa_ctx _libssh2_wincng_key_ctx=0A= +#define _libssh2_rsa_new(rsactx, e, e_len, n, n_len, \=0A= + d, d_len, p, p_len, q, q_len, \=0A= + e1, e1_len, e2, e2_len, c, c_len) \=0A= + _libssh2_wincng_rsa_new(rsactx, e, e_len, n, n_len, \=0A= + d, d_len, p, p_len, q, q_len, \=0A= + e1, e1_len, e2, e2_len, c, c_len)=0A= +#define _libssh2_rsa_new_private(rsactx, s, filename, passphrase) \=0A= + _libssh2_wincng_rsa_new_private(rsactx, s, filename, passphrase)=0A= +#define _libssh2_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) = \=0A= + _libssh2_wincng_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len)=0A= +#define _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) \=0A= + _libssh2_wincng_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len)=0A= +#define _libssh2_rsa_free(rsactx) \=0A= + _libssh2_wincng_rsa_free(rsactx)=0A= +=0A= +/*=0A= + * Windows CNG backend: DSA functions=0A= + */=0A= +=0A= +#define libssh2_dsa_ctx _libssh2_wincng_key_ctx=0A= +#define _libssh2_dsa_new(dsactx, p, p_len, q, q_len, \=0A= + g, g_len, y, y_len, x, x_len) \=0A= + _libssh2_wincng_dsa_new(dsactx, p, p_len, q, q_len, \=0A= + g, g_len, y, y_len, x, x_len)=0A= +#define _libssh2_dsa_new_private(rsactx, s, filename, passphrase) \=0A= + _libssh2_wincng_dsa_new_private(rsactx, s, filename, passphrase)=0A= +#define _libssh2_dsa_sha1_sign(dsactx, hash, hash_len, sig) \=0A= + _libssh2_wincng_dsa_sha1_sign(dsactx, hash, hash_len, sig)=0A= +#define _libssh2_dsa_sha1_verify(dsactx, sig, m, m_len) \=0A= + _libssh2_wincng_dsa_sha1_verify(dsactx, sig, m, m_len)=0A= +#define _libssh2_dsa_free(dsactx) \=0A= + _libssh2_wincng_dsa_free(dsactx)=0A= +=0A= +/*=0A= + * Windows CNG backend: Key functions=0A= + */=0A= +=0A= +#define _libssh2_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) \=0A= + _libssh2_wincng_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw)=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: Cipher Context structure=0A= + */=0A= +=0A= +struct _libssh2_wincng_cipher_ctx {=0A= + BCRYPT_KEY_HANDLE hKey;=0A= + unsigned char *pbKeyObject;=0A= + unsigned char *pbIV;=0A= + unsigned long dwKeyObject;=0A= + unsigned long dwIV;=0A= + unsigned long dwBlockLength;=0A= +};=0A= +=0A= +#define _libssh2_cipher_ctx struct _libssh2_wincng_cipher_ctx=0A= +=0A= +/*=0A= + * Windows CNG backend: Cipher Type structure=0A= + */=0A= +=0A= +struct _libssh2_wincng_cipher_type {=0A= + BCRYPT_ALG_HANDLE *phAlg;=0A= + unsigned long dwKeyLength;=0A= + unsigned long dwUseIV;=0A= +};=0A= +=0A= +#define _libssh2_cipher_type(type) struct _libssh2_wincng_cipher_type = type=0A= +=0A= +#define _libssh2_cipher_aes256ctr { NULL, 32, 1 } /* not supported */=0A= +#define _libssh2_cipher_aes192ctr { NULL, 24, 1 } /* not supported */=0A= +#define _libssh2_cipher_aes128ctr { NULL, 16, 1 } /* not supported */=0A= +#define _libssh2_cipher_aes256 { &_libssh2_wincng.hAlgAES_CBC, 32, 1 }=0A= +#define _libssh2_cipher_aes192 { &_libssh2_wincng.hAlgAES_CBC, 24, 1 }=0A= +#define _libssh2_cipher_aes128 { &_libssh2_wincng.hAlgAES_CBC, 16, 1 }=0A= +#define _libssh2_cipher_blowfish { NULL, 16, 0 } /* not supported */=0A= +#define _libssh2_cipher_arcfour { &_libssh2_wincng.hAlgRC4_NA, 16, 0 }=0A= +#define _libssh2_cipher_cast5 { NULL, 16, 0 } /* not supported */=0A= +#define _libssh2_cipher_3des { &_libssh2_wincng.hAlg3DES_CBC, 24, 1 }=0A= +=0A= +/*=0A= + * Windows CNG backend: Cipher functions=0A= + */=0A= +=0A= +#define _libssh2_cipher_init(ctx, type, iv, secret, encrypt) \=0A= + _libssh2_wincng_cipher_init(ctx, type, iv, secret, encrypt)=0A= +#define _libssh2_cipher_crypt(ctx, type, encrypt, block, blocklen) \=0A= + _libssh2_wincng_cipher_crypt(ctx, type, encrypt, block, blocklen)=0A= +#define _libssh2_cipher_dtor(ctx) \=0A= + _libssh2_wincng_cipher_dtor(ctx)=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: BigNumber Context=0A= + */=0A= +=0A= +#define _libssh2_bn_ctx int /* not used */=0A= +#define _libssh2_bn_ctx_new() 0 /* not used */=0A= +#define _libssh2_bn_ctx_free(bnctx) ((void)0) /* not used */=0A= +=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= + * Windows CNG backend: BigNumber structure=0A= + */=0A= +=0A= +struct _libssh2_wincng_bignum {=0A= + unsigned char *bignum;=0A= + unsigned long length;=0A= +};=0A= +=0A= +#define _libssh2_bn struct _libssh2_wincng_bignum=0A= +=0A= +/*=0A= + * Windows CNG backend: BigNumber functions=0A= + */=0A= +=0A= +_libssh2_bn *_libssh2_wincng_bignum_init(void);=0A= +=0A= +#define _libssh2_bn_init() \=0A= + _libssh2_wincng_bignum_init()=0A= +#define _libssh2_bn_rand(bn, bits, top, bottom) \=0A= + _libssh2_wincng_bignum_rand(bn, bits, top, bottom)=0A= +#define _libssh2_bn_mod_exp(r, a, p, m, ctx) \=0A= + _libssh2_wincng_bignum_mod_exp(r, a, p, m, ctx)=0A= +#define _libssh2_bn_set_word(bn, word) \=0A= + _libssh2_wincng_bignum_set_word(bn, word)=0A= +#define _libssh2_bn_from_bin(bn, len, bin) \=0A= + _libssh2_wincng_bignum_from_bin(bn, len, bin)=0A= +#define _libssh2_bn_to_bin(bn, bin) \=0A= + _libssh2_wincng_bignum_to_bin(bn, bin)=0A= +#define _libssh2_bn_bytes(bn) bn->length=0A= +#define _libssh2_bn_bits(bn) \=0A= + _libssh2_wincng_bignum_bits(bn)=0A= +#define _libssh2_bn_free(bn) \=0A= + _libssh2_wincng_bignum_free(bn)=0A= +=0A= +/*******************************************************************/=0A= +/*=0A= +* Windows CNG backend: forward declarations=0A= +*/=0A= +extern int _libssh2_wincng_random(void *buf, int len);=0A= +extern void _libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx);=0A= +extern int _libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx,=0A= + BCRYPT_ALG_HANDLE hAlg, unsigned long hashlen,=0A= + unsigned char *key, unsigned long keylen);=0A= +extern int _libssh2_wincng_hash_update(_libssh2_wincng_hash_ctx *ctx,=0A= + const unsigned char *data, unsigned long datalen);=0A= +extern int _libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx,=0A= + unsigned char *hash);=0A= +extern void _libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa);=0A= +extern void _libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa);=0A= +extern int _libssh2_wincng_bignum_rand(_libssh2_bn *rnd, int bits, int = top, int bottom);=0A= +extern int _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,=0A= + _libssh2_bn *a,=0A= + _libssh2_bn *p,=0A= + _libssh2_bn *m,=0A= + _libssh2_bn_ctx *bnctx);=0A= +extern unsigned long _libssh2_wincng_bignum_bits(const _libssh2_bn *bn);=0A= +extern void _libssh2_wincng_bignum_to_bin(const _libssh2_bn *bn, = unsigned char *bin);=0A= +extern void _libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned = long len,=0A= + const unsigned char *bin);=0A= +extern void _libssh2_wincng_bignum_free(_libssh2_bn *bn);=0A= +extern int _libssh2_wincng_bignum_set_word(_libssh2_bn *bn, unsigned = long word);=0A= +extern int _libssh2_wincng_hmac_final(_libssh2_wincng_hash_ctx *ctx,=0A= + unsigned char *hash);=0A= +extern void _libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx);=0A= +extern int _libssh2_wincng_hmac_final(_libssh2_wincng_hash_ctx *ctx,=0A= + unsigned char *hash);=0A= +extern void _libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx);=0A= +=0A= +=0A= diff --git a/win32/.gitignore b/win32/.gitignore=0A= index 0afd7fd..9932a40 100644=0A= --- a/win32/.gitignore=0A= +++ b/win32/.gitignore=0A= @@ -12,3 +12,4 @@ Release=0A= *.plg=0A= libssh2.dsp=0A= objects.mk=0A= +obj=0A= diff --git a/win32/libssh2.sln b/win32/libssh2.sln=0A= new file mode 100644=0A= index 0000000..6da1d69=0A= --- /dev/null=0A= +++ b/win32/libssh2.sln=0A= @@ -0,0 +1,53 @@=0A= +Microsoft Visual Studio Solution File, Format Version 12.00=0A= +# Visual Studio 2013=0A= +VisualStudioVersion =3D 12.0.30110.0=0A= +MinimumVisualStudioVersion =3D 10.0.40219.1=0A= +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") =3D "libssh2", = "libssh2.vcxproj", "{790C5988-391E-47D7-8EFB-BA1C99F72EA5}"=0A= +EndProject=0A= +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") =3D "tests", = "tests.vcxproj", "{237AF8DB-FAF9-484B-9F8B-21A912CD4E73}"=0A= +EndProject=0A= +Global=0A= + GlobalSection(SolutionConfigurationPlatforms) =3D preSolution=0A= + DLL Debug|Win32 =3D DLL Debug|Win32=0A= + DLL Debug|x64 =3D DLL Debug|x64=0A= + DLL Release|Win32 =3D DLL Release|Win32=0A= + DLL Release|x64 =3D DLL Release|x64=0A= + LIB Debug|Win32 =3D LIB Debug|Win32=0A= + LIB Debug|x64 =3D LIB Debug|x64=0A= + LIB Release|Win32 =3D LIB Release|Win32=0A= + LIB Release|x64 =3D LIB Release|x64=0A= + EndGlobalSection=0A= + GlobalSection(ProjectConfigurationPlatforms) =3D postSolution=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Debug|Win32.ActiveCfg =3D = DLL Debug|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Debug|Win32.Build.0 =3D = DLL Debug|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Debug|x64.ActiveCfg =3D = DLL Debug|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Debug|x64.Build.0 =3D DLL = Debug|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Release|Win32.ActiveCfg = =3D DLL Release|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Release|Win32.Build.0 =3D = DLL Release|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Release|x64.ActiveCfg =3D = DLL Release|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.DLL Release|x64.Build.0 =3D = DLL Release|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Debug|Win32.ActiveCfg =3D = LIB Debug|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Debug|Win32.Build.0 =3D = LIB Debug|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Debug|x64.ActiveCfg =3D = LIB Debug|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Debug|x64.Build.0 =3D LIB = Debug|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Release|Win32.ActiveCfg = =3D LIB Release|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Release|Win32.Build.0 =3D = LIB Release|Win32=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Release|x64.ActiveCfg =3D = LIB Release|x64=0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}.LIB Release|x64.Build.0 =3D = LIB Release|x64=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.DLL Debug|Win32.ActiveCfg =3D = Debug|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.DLL Debug|Win32.Build.0 =3D = Debug|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.DLL Debug|x64.ActiveCfg =3D = Debug|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.DLL Release|Win32.ActiveCfg = =3D Release|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.DLL Release|Win32.Build.0 =3D = Release|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.DLL Release|x64.ActiveCfg =3D = Release|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.LIB Debug|Win32.ActiveCfg =3D = Debug|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.LIB Debug|Win32.Build.0 =3D = Debug|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.LIB Debug|x64.ActiveCfg =3D = Debug|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.LIB Release|Win32.ActiveCfg = =3D Release|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.LIB Release|Win32.Build.0 =3D = Release|Win32=0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}.LIB Release|x64.ActiveCfg =3D = Release|Win32=0A= + EndGlobalSection=0A= + GlobalSection(SolutionProperties) =3D preSolution=0A= + HideSolutionNode =3D FALSE=0A= + EndGlobalSection=0A= +EndGlobal=0A= diff --git a/win32/libssh2.vcxproj b/win32/libssh2.vcxproj=0A= new file mode 100644=0A= index 0000000..566bf73=0A= --- /dev/null=0A= +++ b/win32/libssh2.vcxproj=0A= @@ -0,0 +1,502 @@=0A= +=EF=BB=BF=0A= +=0A= + =0A= + =0A= + DLL Debug=0A= + Win32=0A= + =0A= + =0A= + DLL Debug=0A= + x64=0A= + =0A= + =0A= + DLL Release=0A= + Win32=0A= + =0A= + =0A= + DLL Release=0A= + x64=0A= + =0A= + =0A= + LIB Debug=0A= + Win32=0A= + =0A= + =0A= + LIB Debug=0A= + x64=0A= + =0A= + =0A= + LIB Release=0A= + Win32=0A= + =0A= + =0A= + LIB Release=0A= + x64=0A= + =0A= + =0A= + =0A= + =0A= + =0A= + {790C5988-391E-47D7-8EFB-BA1C99F72EA5}=0A= + =0A= + =0A= + =0A= + StaticLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + StaticLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + StaticLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + StaticLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + DynamicLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + DynamicLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + DynamicLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + DynamicLibrary=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + false=0A= + =0A= + =0A= + false=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + =0A= + =0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + false=0A= + =0A= + =0A= + false=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + =0A= + =0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + true=0A= + =0A= + =0A= + true=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + =0A= + =0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + false=0A= + =0A= + =0A= + false=0A= + = $(SolutionDir)obj\$(Configuration)\$(Platform)\$(ProjectName)\=0A= + $(SolutionDir)$(Configuration)\$(Platform)\=0A= + =0A= + =0A= + =0A= + MultiThreadedDebugDLL=0A= + Default=0A= + false=0A= + Disabled=0A= + true=0A= + Level3=0A= + false=0A= + true=0A= + ProgramDatabase=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;LIBSSH2_WIN32;WIN32;_DEBUG;_LIB;LIBSSH2DEBU= G;%(PreprocessorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + EnableFastChecks=0A= + true=0A= + =0A= + =0A= + 0x0409=0A= + = _DEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + true=0A= + true=0A= + Console=0A= + false=0A= + $(TargetPath)=0A= + $(TargetDir)$(TargetName).lib=0A= + = ws2_32.lib;%(AdditionalDependencies)=0A= + =0A= + =0A= + = $(TargetDir)$(TargetName).pdb=0A= + = $(TargetDir)$(TargetName).pgd=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDebugDLL=0A= + Default=0A= + false=0A= + Disabled=0A= + true=0A= + Level3=0A= + false=0A= + ProgramDatabase=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;LIBSSH2_WIN32;WIN32;_DEBUG;_LIB;LIBSSH2DEBU= G;%(PreprocessorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + EnableFastChecks=0A= + true=0A= + true=0A= + =0A= + =0A= + 0x0409=0A= + = _DEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + true=0A= + true=0A= + Console=0A= + false=0A= + $(TargetPath)=0A= + $(TargetDir)$(TargetName).lib=0A= + = ws2_32.lib;%(AdditionalDependencies)=0A= + =0A= + =0A= + = $(TargetDir)$(TargetName).pdb=0A= + = $(TargetDir)$(TargetName).pgd=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDLL=0A= + Default=0A= + true=0A= + true=0A= + MaxSpeed=0A= + true=0A= + Level3=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;LIBSSH2_WIN32;WIN32;NDEBUG;_LIB;%(Preproces= sorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + true=0A= + =0A= + =0A= + 0x0409=0A= + = NDEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + true=0A= + true=0A= + Console=0A= + $(TargetPath)=0A= + $(TargetDir)$(TargetName).lib=0A= + = ws2_32.lib;%(AdditionalDependencies)=0A= + =0A= + =0A= + = $(TargetDir)$(TargetName).pdb=0A= + = $(TargetDir)$(TargetName).pgd=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDLL=0A= + Default=0A= + true=0A= + true=0A= + MaxSpeed=0A= + true=0A= + Level3=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;LIBSSH2_WIN32;WIN32;NDEBUG;_LIB;%(Preproces= sorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + true=0A= + false=0A= + =0A= + =0A= + 0x0409=0A= + = NDEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + true=0A= + true=0A= + Console=0A= + $(TargetPath)=0A= + $(TargetDir)$(TargetName).lib=0A= + = ws2_32.lib;%(AdditionalDependencies)=0A= + =0A= + =0A= + = $(TargetDir)$(TargetName).pdb=0A= + = $(TargetDir)$(TargetName).pgd=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDebugDLL=0A= + Default=0A= + false=0A= + Disabled=0A= + true=0A= + Level3=0A= + true=0A= + EditAndContinue=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;LIBSSH2_WINCNG;WIN32;_DEBUG;LIBSSH2_WIN32;_= LIB;LIBSSH2DEBUG;%(PreprocessorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + EnableFastChecks=0A= + true=0A= + =0A= + =0A= + 0x0409=0A= + = _DEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + $(TargetPath)=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDebugDLL=0A= + Default=0A= + false=0A= + Disabled=0A= + true=0A= + Level3=0A= + ProgramDatabase=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;LIBSSH2_WINCNG;WIN32;_DEBUG;LIBSSH2_WIN32;_= LIB;LIBSSH2DEBUG;%(PreprocessorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + EnableFastChecks=0A= + true=0A= + true=0A= + =0A= + =0A= + 0x0409=0A= + = _DEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + $(TargetPath)=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDLL=0A= + Default=0A= + true=0A= + true=0A= + MaxSpeed=0A= + true=0A= + Level3=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;WIN32;NDEBUG;LIBSSH2_WIN32;_LIB;%(Preproces= sorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + true=0A= + =0A= + =0A= + 0x0409=0A= + = NDEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + $(TargetPath)=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDLL=0A= + Default=0A= + true=0A= + true=0A= + MaxSpeed=0A= + true=0A= + Level3=0A= + = C:\blds\GD\SRC\lib\zlib;..\win32;..\include= ;%(AdditionalIncludeDirectories)=0A= + = LIBSSH2_HAVE_ZLIB;HAVE_WINDOWS_H;HAVE_STDLIB_H;H= AVE_LIBCRYPT32;LIBSSH2_WINCNG;WIN32;NDEBUG;LIBSSH2_WIN32;_LIB;%(Preproces= sorDefinitions)=0A= + $(IntDir)=0A= + = $(IntDir)$(ProjectName).pch=0A= + $(IntDir)=0A= + $(IntDir)=0A= + true=0A= + false=0A= + =0A= + =0A= + 0x0409=0A= + = NDEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + $(OutDir)$(TargetName).bsc=0A= + =0A= + =0A= + true=0A= + $(TargetPath)=0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= +=0A= \ No newline at end of file=0A= diff --git a/win32/libssh2.vcxproj.filters = b/win32/libssh2.vcxproj.filters=0A= new file mode 100644=0A= index 0000000..a40951e=0A= --- /dev/null=0A= +++ b/win32/libssh2.vcxproj.filters=0A= @@ -0,0 +1,131 @@=0A= +=EF=BB=BF=0A= +=0A= + =0A= + =0A= + = {ed49fc94-18dd-4117-9bb1-9edaee5e50dc}=0A= + cpp;c;cxx=0A= + =0A= + =0A= + = {50b16c19-53fc-429b-af80-6dcc902ad055}=0A= + h;hpp;hxx=0A= + =0A= + =0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= + Header Files=0A= + =0A= + =0A= +=0A= \ No newline at end of file=0A= diff --git a/win32/tests.vcxproj b/win32/tests.vcxproj=0A= new file mode 100644=0A= index 0000000..02d3f6d=0A= --- /dev/null=0A= +++ b/win32/tests.vcxproj=0A= @@ -0,0 +1,144 @@=0A= +=EF=BB=BF=0A= +=0A= + =0A= + =0A= + Debug=0A= + Win32=0A= + =0A= + =0A= + Release=0A= + Win32=0A= + =0A= + =0A= + Template=0A= + Win32=0A= + =0A= + =0A= + =0A= + =0A= + =0A= + {237AF8DB-FAF9-484B-9F8B-21A912CD4E73}=0A= + =0A= + =0A= + =0A= + Application=0A= + v120=0A= + =0A= + =0A= + Application=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + Application=0A= + v120=0A= + false=0A= + MultiByte=0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + .\Release\=0A= + .\Release\=0A= + false=0A= + =0A= + =0A= + .\Debug\=0A= + .\Debug\=0A= + true=0A= + =0A= + =0A= + =0A= + MultiThreadedDLL=0A= + Default=0A= + true=0A= + true=0A= + MaxSpeed=0A= + true=0A= + Level3=0A= + = ..\include;..\win32;%(AdditionalIncludeDire= ctories)=0A= + = WIN32;NDEBUG;LIBSSH2_WIN32;_CONSOLE;%(Preprocess= orDefinitions)=0A= + .\Release\=0A= + = .\Release\tests.pch=0A= + .\Release\=0A= + .\Release\=0A= + =0A= + =0A= + .\Release\tests.tlb=0A= + =0A= + =0A= + 0x0409=0A= + = NDEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + .\Release\tests.bsc=0A= + =0A= + =0A= + true=0A= + Console=0A= + simple.exe=0A= + = Release;%(AdditionalLibraryDirectories)=0A= + = odbc32.lib;odbccp32.lib;libeay32.lib;ssleay32.lib= ;ws2_32.lib;zlib.lib;libssh2.lib;%(AdditionalDependencies)=0A= + =0A= + =0A= + =0A= + =0A= + MultiThreadedDebugDLL=0A= + Default=0A= + false=0A= + Disabled=0A= + true=0A= + Level3=0A= + true=0A= + EditAndContinue=0A= + = ..\include;..\win32;%(AdditionalIncludeDire= ctories)=0A= + = WIN32;_DEBUG;LIBSSH2_WIN32;_CONSOLE;%(Preprocess= orDefinitions)=0A= + .\Debug\=0A= + = .\Debug\tests.pch=0A= + .\Debug\=0A= + .\Debug\=0A= + EnableFastChecks=0A= + =0A= + =0A= + .\Debug\tests.tlb=0A= + =0A= + =0A= + 0x0409=0A= + = _DEBUG;%(PreprocessorDefinitions)=0A= + =0A= + =0A= + true=0A= + .\Debug\tests.bsc=0A= + =0A= + =0A= + true=0A= + true=0A= + Console=0A= + = msvcrt.lib;%(IgnoreSpecificDefaultLibrari= es)=0A= + simple.exe=0A= + = Debug;%(AdditionalLibraryDirectories)=0A= + = odbc32.lib;odbccp32.lib;libeay32.lib;ssleay32.lib= ;ws2_32.lib;zlib.lib;libssh2d.lib;%(AdditionalDependencies)=0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= + =0A= +=0A= \ No newline at end of file=0A= diff --git a/win32/tests.vcxproj.filters b/win32/tests.vcxproj.filters=0A= new file mode 100644=0A= index 0000000..0e934de=0A= --- /dev/null=0A= +++ b/win32/tests.vcxproj.filters=0A= @@ -0,0 +1,22 @@=0A= +=EF=BB=BF=0A= +=0A= + =0A= + =0A= + = {5f88c3ec-6eaf-402c-b529-9c3be528ab9a}=0A= + cpp;c;cxx;rc;def;r;odl;idl;hpj;bat=0A= + =0A= + =0A= + = {b7f5ec6a-9426-4cb0-b384-eacfd8078165}=0A= + h;hpp;hxx;hm;inl=0A= + =0A= + =0A= + = {c37cf913-6ab0-4960-9b2e-b7f4bd19102a}=0A= + = ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe=0A= + =0A= + =0A= + =0A= + =0A= + Source Files=0A= + =0A= + =0A= +=0A= \ No newline at end of file=0A= ------=_NextPart_000_0066_01CF3F91.53802AB0 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel ------=_NextPart_000_0066_01CF3F91.53802AB0-- From libssh2-devel-bounces@cool.haxx.se Fri Mar 14 21:24:47 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2EKOQPM007265; Fri, 14 Mar 2014 21:24:44 +0100 Received: from bay0-omc4-s20.bay0.hotmail.com (bay0-omc4-s20.bay0.hotmail.com [65.54.190.222]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2EKONXe007231 for ; Fri, 14 Mar 2014 21:24:24 +0100 Received: from BAY407-EAS186 ([65.54.190.199]) by bay0-omc4-s20.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 14 Mar 2014 13:24:18 -0700 X-TMN: [psE0eymQKcLVZZixmIMAaPvVHsj5uZuu] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: "'libssh2 development'" References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de>

<532217AD.4060203@marc-hoersken.de> In-Reply-To: Subject: RE: [PATCH] Added Windows Cryptography API: Next Generation backend Date: Fri, 14 Mar 2014 16:24:17 -0400 MIME-Version: 1.0 X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQABAgME26NNhHPVYzJ7c9Yw7yC3/wByfiepALehmp4AvfuhMAB7rg6snmpjwIA= Content-Language: en-us X-OriginalArrivalTime: 14 Mar 2014 20:24:18.0778 (UTC) FILETIME=[6088BBA0:01CF3FC3] X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Ah. Never mind about the auth failure. I found out that my set of FTP accounts had mysteriously had their passwords changed. I tried it on a known good SFTP account and it works fine so far! -----Original Message----- From: Bob Kast [mailto:bob_2824@hotmail.com] Sent: Friday, March 14, 2014 2:26 PM To: 'libssh2 development' Subject: RE: [PATCH] Added Windows Cryptography API: Next Generation backend Okay, I'm new to this and I didn't realize you had already done all the work! I checked out the latest and applied your patches and got Visual Studio 2013 to work with it (notice .sln/.vcxproj files). I have 2 platforms (x64 and x86), and 4 configurations (LIB Debug, LIB Release, DLL Debug, DLL Release). I fixed the warnings for x86 compiles. There are lots more on x64 (the main reason: on WIN64 size_t is a 64 bit type) and didn't deal with them yet. In any case, I got them all to compile and link and I thought I was home free but when I tested it for doing a SFTP Get file, the password authorization fails. I stepped through it and it seems to format a request packet correctly and waits for a response, and the response contains SSH_MSG_USERAUTH_FAILURE as the first byte. Not sure where to go from here. I did check out the latest version. Should I check out some more stable version? I attached my patches. A couple of notes: _LIBSSH2_SESSION::scpRecv_mode (long) is assigned to struct stat::st_mode (unsigned short) Are they supposed to be the same type? In _libssh2_wincng_bignum_set_word() the local variable "bits" was never initialized. I assume it is supposed to be initialized to 0. Thanks, Bob -----Original Message----- From: libssh2-devel [mailto:libssh2-devel-bounces@cool.haxx.se] On Behalf Of Marc Hoersken Sent: Thursday, March 13, 2014 4:40 PM To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend On 13.03.2014 15:18, Bob Kast wrote: > Going through openssl.h to see what needed to be done, the hashes were > pretty simple except that LIBSSH2_HMAC_RIPEMD is not supported by WinCNG. Yes, that is true. There is currently no direct way to implement RIPEMD using the CryptoAPI or WinCNG. > Supporting encryption/signing was less clear to me. RSA and DSA as well as AES, RC4 and 3DES are supported by WinCNG. > The following are also not supported by WinCNG: > LIBSSH2_AES_CTR > LIBSSH2_BLOWFISH > LIBSSH2_CAST Yes, that is correct as well. > Modes WinCNG supports for AES: > - ECB > - CBC > - CFB > - CCM > - GCM AES-CTR could probably be implemented on top of EBC, just like it's done if OpenSSL was built without it. > Not sure what _libssh2_bn would map to. I found a way to use RSA encryption in order to implement the required math functions (e.g. modular exponentiation) by using it with big numbers stored as byte arrays. This is also the reason why I had to use WinCNG instead of CryptoAPI, since the later one is limited to a 4-byte exponent. Please see my original mail for a longer explanation: http://libssh2.org/mail/libssh2-devel-archive-2013-05/0011.shtml > My purpose for using libssh2 is to implement SFTP. What does WinCNG > need to provide in order for SFTP to be fully implemented? I tested my implementation against an OpenSSH and Bitvise SSH Server using the implemented algorithms and everything worked fine. It seems like all required functionality is implemented. _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 16 00:35:56 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2FNZQjK021378; Sun, 16 Mar 2014 00:35:49 +0100 Received: from mx.uxnr.de (mx.uxnr.de [89.238.84.47]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2FNZNMN021352 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 16 Mar 2014 00:35:24 +0100 Received: from [10.2.1.152] (MH02.ma01.uxnr.net [10.2.1.152]) by mx.uxnr.de (Postfix) with ESMTPSA id CA339377BDD for ; Sun, 16 Mar 2014 00:35:16 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de CA339377BDD DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394926522; bh=xifeEF3ccewlRGEULYc/H7xzhIai7KejLvTe1iwH9vU=; h=Date:From:To:Subject:References:In-Reply-To:From; b=CyUVqJEqpmwAE01X1QvyTZ9s0volJQ1xAZN9Uy/gkXj7/dzLXq+jJ04kD/mvcBOwY 2iXvNG+CSLiz1qWuGCsFCAlstl835Xb6D0VQeT5aXXlV2BXJ6CAKh0AbJqdp7VfGeW qNYIV5/ciujsprpN1TsonE/mUstCXY3/zZVTvkJw= Message-ID: <5324E3A5.1010606@marc-hoersken.de> Date: Sun, 16 Mar 2014 00:35:01 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de> <5320D009.2000901@marc-hoersken.de> <20140313193952.6739.qmail@stuge.se> In-Reply-To: <20140313193952.6739.qmail@stuge.se> X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------040406070908010506050901" X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --------------040406070908010506050901 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello everyone, On 13.03.2014 20:39, Peter Stuge wrote: > Yes, we should find a solution for this. Marc, did you notice if > there *is* a reason not to always compile those first functions? > Let's see if we can hammer this one out. no, I did not find a reason not to always compile those functions. Attached you will find patch 0002 which removes the ifdef-checks before the WinCNG patch. > Yes, I overlooked the define. :( Please have a look at the attached > patch. If you think it's OK I'll push it. It's much better than my initial patch, thanks. Since I had some trouble with your patch using CRLF line endings for all files, even the non-Windows specific ones, I reformatted the patch using msysgit and the latest master branch with core.autocrlf being false. Please see attached patch 0001. I also found a warning while compiling with the win32/GNUmakefile, please see attached patch 0003. It would be great if you could merge these patches, so I can rebase the WinCNG patch onto them. Thanks in advance. Best regards, Marc --------------040406070908010506050901 Content-Type: text/plain; charset=windows-1252; name="0001-Fix-non-autotools-builds-Always-define-the-LIBSSH2_O.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0="0001-Fix-non-autotools-builds-Always-define-the-LIBSSH2_O.pa"; filename*1="tch" RnJvbSBmNWI1YjdjMjQ5MmVkNDE1YmQxMDg4NmRiZWZkYmYzMDEyOWUyNDQ4IE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQZXRlciBTdHVnZSA8cGV0ZXJAc3R1Z2Uuc2U+CkRh dGU6IFRodSwgMTMgTWFyIDIwMTQgMjA6MzA6MzIgKzAxMDAKU3ViamVjdDogW1BBVENIIDEv M10gRml4IG5vbi1hdXRvdG9vbHMgYnVpbGRzOiBBbHdheXMgZGVmaW5lIHRoZQogTElCU1NI Ml9PUEVOU1NMIENQUCBtYWNybwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IHRl eHQvcGxhaW47IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJp dAoKQ29tbWl0IGQ1MTJiMjVmNjlhMWI2Nzc4ODgxZjZiNGI1ZmY5Y2ZjNjAyM2JlNDIgaW50 cm9kdWNlZCBhIGNyeXB0bwpsaWJyYXJ5IGFic3RyYWN0aW9uIGluIHRoZSBhdXRvdG9vbHMg YnVpbGQgc3lzdGVtLCB0byBhbGxvdyB1cyB0byBtb3JlCmVhc2lseSBzdXBwb3J0IG5ldyBj cnlwdG8gbGlicmFyaWVzLiBJbiB0aGF0IHByb2Nlc3MgaXQgd2FzIGZvdW5kIHRoYXQKYWxs IG90aGVyIGJ1aWxkIHN5c3RlbSB3aGljaCB3ZSBzdXBwb3J0IGFyZSBoYXJkLWNvZGVkIHRv IGJ1aWxkIHdpdGgKT3BlblNTTC4gQ29tbWl0IGY1YzFhMGQ5OGJkNTFhZWIyNGFjYTNkNDlj N2M4MWRjZjhiZDg1OGQgZml4ZXMgYXV0b21ha2UKaW50cm9kdWNlZCBpbnRvIG5vbi1hdXRv dG9vbHMgYnVpbGQgc3lzdGVtcyBidXQgc3RpbGwgb3Zlcmxvb2tlZCB0aGUKQ1BQIG1hY3Jv IHNheWluZyB0aGF0IHdlIGFyZSB1c2luZyBPcGVuU1NMLgoKVGhhbmtzIHRvIE1hcmMgSMO2 cnNrZW4gZm9yIGlkZW50aWZ5aW5nIHRoaXMgaXNzdWUgYW5kIHByb3Bvc2luZyBhIGZpeApm b3Igd2luMzIve0dOVW1ha2VmaWxlLGNvbmZpZy5ta30uIFRoaXMgY29tbWl0IHVzZXMgYSBz bGlnaHRseSBkaWZmZXJlbnQKYXBwcm9hY2ggYnV0IHRoZSBlbmQgcmVzdWx0IGlzIHRoZSBz YW1lLgotLS0KIG53L0dOVW1ha2VmaWxlICAgICAgICB8ICAxICsKIHdpbjMyL0dOVW1ha2Vm aWxlICAgICB8ICAxICsKIHdpbjMyL01ha2VmaWxlLldhdGNvbSB8ICAxICsKIHdpbjMyL2Nv bmZpZy5tayAgICAgICB8ICAyICstCiB3aW4zMi9tc3ZjcHJvai5oZWFkICAgfCAxNyArKysr KysrKystLS0tLS0tLQogNSBmaWxlcyBjaGFuZ2VkLCAxMyBpbnNlcnRpb25zKCspLCA5IGRl bGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL253L0dOVW1ha2VmaWxlIGIvbncvR05VbWFrZWZp bGUKaW5kZXggZTY2NmUyOS4uMGZkZTQ1YSAxMDA2NDQKLS0tIGEvbncvR05VbWFrZWZpbGUK KysrIGIvbncvR05VbWFrZWZpbGUKQEAgLTIxNCw2ICsyMTQsNyBAQCBlbmRpZgogdnBhdGgg JS5jIC4gLi4vc3JjCiAKICMgb25seSBPcGVuU1NMIGlzIHN1cHBvcnRlZCB3aXRoIHRoaXMg YnVpbGQgc3lzdGVtCitDRkxBR1MgKz0gLURMSUJTU0gyX09QRU5TU0wKIGluY2x1ZGUgLi4v TWFrZWZpbGUuT3BlblNTTC5pbmMKIAogIyBpbmNsdWRlIE1ha2VmaWxlLmluYyB0byBnZXQg Q1NPVVJDRVMgZGVmaW5lCmRpZmYgLS1naXQgYS93aW4zMi9HTlVtYWtlZmlsZSBiL3dpbjMy L0dOVW1ha2VmaWxlCmluZGV4IGMwY2MyMGEuLjkwZTA2ZDQgMTAwNjQ0Ci0tLSBhL3dpbjMy L0dOVW1ha2VmaWxlCisrKyBiL3dpbjMyL0dOVW1ha2VmaWxlCkBAIC0xODAsNiArMTgwLDcg QEAgQ0ZMQUdTCSs9ICQoSU5DTFVERVMpCiB2cGF0aCAlLmMgLiAuLi9zcmMKIAogIyBvbmx5 IE9wZW5TU0wgaXMgc3VwcG9ydGVkIHdpdGggdGhpcyBidWlsZCBzeXN0ZW0KK0NGTEFHUyAr PSAtRExJQlNTSDJfT1BFTlNTTAogaW5jbHVkZSAuLi9NYWtlZmlsZS5PcGVuU1NMLmluYwog CiAjIGluY2x1ZGUgTWFrZWZpbGUuaW5jIHRvIGdldCBDU09VUkNFUyBkZWZpbmUKZGlmZiAt LWdpdCBhL3dpbjMyL01ha2VmaWxlLldhdGNvbSBiL3dpbjMyL01ha2VmaWxlLldhdGNvbQpp bmRleCA1ODQ3Y2Y3Li5mMGYwNDA4IDEwMDY0NAotLS0gYS93aW4zMi9NYWtlZmlsZS5XYXRj b20KKysrIGIvd2luMzIvTWFrZWZpbGUuV2F0Y29tCkBAIC05NCw2ICs5NCw3IEBAIExJQl9B UkcgID0gJChPQkpfQkFTRSlcc3RhdFx3bGliLmFyZwogIWVycm9yIFlvdSBNVVNUIGNhbGwg d21ha2Ugd2l0aCB0aGUgLXUgc3dpdGNoIQogIWVsc2UKICMgb25seSBPcGVuU1NMIGlzIHN1 cHBvcnRlZCB3aXRoIHRoaXMgYnVpbGQgc3lzdGVtCitDRkxBR1MgKz0gLWRMSUJTU0gyX09Q RU5TU0wKICFpbmNsdWRlIC4uXE1ha2VmaWxlLk9wZW5TU0wuaW5jCiAhaW5jbHVkZSAuLlxN YWtlZmlsZS5pbmMKICFlbmRpZgpkaWZmIC0tZ2l0IGEvd2luMzIvY29uZmlnLm1rIGIvd2lu MzIvY29uZmlnLm1rCmluZGV4IDRjOGViMmEuLmYwZTUxNGEgMTAwNjQ0Ci0tLSBhL3dpbjMy L2NvbmZpZy5taworKysgYi93aW4zMi9jb25maWcubWsKQEAgLTI5LDcgKzI5LDcgQEAgQ1BQ RkxBR1M9L09pIC9PMiAvT3kgL0dGIC9ZLSAvTUQgL0ROREVCVUcKIERMTEZMQUdTPS9ERUJV RyAvTEQKICFlbmRpZgogCi1DUFBGTEFHUz0vbm9sb2dvIC9HTCAvWmkgL0VIc2MgJChDUFBG TEFHUykgL0l3aW4zMiAvSWluY2x1ZGUgL0kkKE9QRU5TU0xJTkMpICQoWkxJQklOQykKK0NQ UEZMQUdTPS9ub2xvZ28gL0dMIC9aaSAvRUhzYyAkKENQUEZMQUdTKSAvSXdpbjMyIC9JaW5j bHVkZSAvRExJQlNTSDJfT1BFTlNTTCAvSSQoT1BFTlNTTElOQykgJChaTElCSU5DKQogQ0ZM QUdTPSQoQ1BQRkxBR1MpCiBSQ0ZMQUdTPS9JaW5jbHVkZQogRExMRkxBR1M9JChDRkxBR1Mp ICQoRExMRkxBR1MpCmRpZmYgLS1naXQgYS93aW4zMi9tc3ZjcHJvai5oZWFkIGIvd2luMzIv bXN2Y3Byb2ouaGVhZAppbmRleCBkZWQ2MzQzLi5lZGE1MDIxIDEwMDY0NAotLS0gYS93aW4z Mi9tc3ZjcHJvai5oZWFkCisrKyBiL3dpbjMyL21zdmNwcm9qLmhlYWQKQEAgLTEsNiArMSw3 IEBACiAjIE1pY3Jvc29mdCBEZXZlbG9wZXIgU3R1ZGlvIFByb2plY3QgRmlsZSAtIE5hbWU9 ImxpYnNzaDIiIC0gUGFja2FnZSBPd25lcj08ND4NCiAjIE1pY3Jvc29mdCBEZXZlbG9wZXIg U3R1ZGlvIEdlbmVyYXRlZCBCdWlsZCBGaWxlLCBGb3JtYXQgVmVyc2lvbiA2LjAwDQogIyAq KiBETyBOT1QgRURJVCAqKg0KKyMgb25seSBPcGVuU1NMIGlzIHN1cHBvcnRlZCB3aXRoIHRo aXMgYnVpbGQgc3lzdGVtCiANCiAjIFRBUkdUWVBFICJXaW4zMiAoeDg2KSBEeW5hbWljLUxp bmsgTGlicmFyeSIgMHgwMTAyDQogIyBUQVJHVFlQRSAiV2luMzIgKHg4NikgU3RhdGljIExp YnJhcnkiIDB4MDEwNA0KQEAgLTQ1LDggKzQ2LDggQEAgUlNDPXJjLmV4ZQogIyBQUk9QIElu dGVybWVkaWF0ZV9EaXIgIlJlbGVhc2VfZGxsIg0KICMgUFJPUCBJZ25vcmVfRXhwb3J0X0xp YiAwDQogIyBQUk9QIFRhcmdldF9EaXIgIiINCi0jIEFERCBCQVNFIENQUCAvbm9sb2dvIC9X MyAvR1ggL08yIC9EICJXSU4zMiIgL0QgIk5ERUJVRyIgL0QgIkxJQlNTSDJfV0lOMzIiIC9E ICJfTUJDUyIgL0QgIl9MSUIiIC9ZWCAvRkQgL2MNCi0jIEFERCBDUFAgL25vbG9nbyAvTUQg L1czIC9HWCAvTzIgL0kgIi4uXHdpbjMyIiAvSSAiLi5caW5jbHVkZSIgL0QgIldJTjMyIiAv RCAiTkRFQlVHIiAvRCAiTElCU1NIMl9XSU4zMiIgL0QgIl9NQkNTIiAvRCAiX0xJQiIgL1lY IC9GRCAvYw0KKyMgQUREIEJBU0UgQ1BQIC9ub2xvZ28gL1czIC9HWCAvTzIgL0QgIldJTjMy IiAvRCAiTkRFQlVHIiAvRCAiTElCU1NIMl9XSU4zMiIgL0QgIkxJQlNTSDJfT1BFTlNTTCIg L0QgIl9NQkNTIiAvRCAiX0xJQiIgL1lYIC9GRCAvYworIyBBREQgQ1BQIC9ub2xvZ28gL01E IC9XMyAvR1ggL08yIC9JICIuLlx3aW4zMiIgL0kgIi4uXGluY2x1ZGUiIC9EICJXSU4zMiIg L0QgIk5ERUJVRyIgL0QgIkxJQlNTSDJfV0lOMzIiIC9EICJMSUJTU0gyX09QRU5TU0wiIC9E ICJfTUJDUyIgL0QgIl9MSUIiIC9ZWCAvRkQgL2MKICMgU1VCVFJBQ1QgQ1BQIC9ZWA0KICMg QUREIEJBU0UgTVRMIC9ub2xvZ28gL0QgIk5ERUJVRyIgL21rdHlwbGliMjAzIC93aW4zMg0K ICMgQUREIE1UTCAvbm9sb2dvIC9EICJOREVCVUciIC9ta3R5cGxpYjIwMyAvd2luMzINCkBA IC03Miw4ICs3Myw4IEBAIExJTkszMj1saW5rLmV4ZQogIyBQUk9QIEludGVybWVkaWF0ZV9E aXIgIkRlYnVnX2RsbCINCiAjIFBST1AgSWdub3JlX0V4cG9ydF9MaWIgMA0KICMgUFJPUCBU YXJnZXRfRGlyICIiDQotIyBBREQgQkFTRSBDUFAgL25vbG9nbyAvVzMgL0dtIC9HWCAvWkkg L09kIC9EICJXSU4zMiIgL0QgIl9ERUJVRyIgL0QgIkxJQlNTSDJfV0lOMzIiIC9EICJfTUJD UyIgL0QgIl9MSUIiIC9ZWCAvRkQgL0daIC9jDQotIyBBREQgQ1BQIC9ub2xvZ28gL01EIC9X MyAvR20gL0dYIC9aSSAvT2QgL0kgIi4uXHdpbjMyIiAvSSAiLi5caW5jbHVkZSIgL0QgIldJ TjMyIiAvRCAiX0RFQlVHIiAvRCAiTElCU1NIMl9XSU4zMiIgL0QgIl9NQkNTIiAvRCAiX0xJ QiIgL0QgIkxJQlNTSDJERUJVRyIgL1lYIC9GRCAvR1ogL2MNCisjIEFERCBCQVNFIENQUCAv bm9sb2dvIC9XMyAvR20gL0dYIC9aSSAvT2QgL0QgIldJTjMyIiAvRCAiX0RFQlVHIiAvRCAi TElCU1NIMl9XSU4zMiIgL0QgIkxJQlNTSDJfT1BFTlNTTCIgL0QgIl9NQkNTIiAvRCAiX0xJ QiIgL1lYIC9GRCAvR1ogL2MKKyMgQUREIENQUCAvbm9sb2dvIC9NRCAvVzMgL0dtIC9HWCAv WkkgL09kIC9JICIuLlx3aW4zMiIgL0kgIi4uXGluY2x1ZGUiIC9EICJXSU4zMiIgL0QgIl9E RUJVRyIgL0QgIkxJQlNTSDJfV0lOMzIiIC9EICJMSUJTU0gyX09QRU5TU0wiIC9EICJfTUJD UyIgL0QgIl9MSUIiIC9EICJMSUJTU0gyREVCVUciIC9ZWCAvRkQgL0daIC9jCiAjIFNVQlRS QUNUIENQUCAvV1ggL1lYDQogIyBBREQgQkFTRSBNVEwgL25vbG9nbyAvRCAiX0RFQlVHIiAv bWt0eXBsaWIyMDMgL3dpbjMyDQogIyBBREQgTVRMIC9ub2xvZ28gL0QgIl9ERUJVRyIgL21r dHlwbGliMjAzIC93aW4zMg0KQEAgLTk5LDggKzEwMCw4IEBAIExJTkszMj1saW5rLmV4ZQog IyBQUk9QIE91dHB1dF9EaXIgIlJlbGVhc2VfbGliIg0KICMgUFJPUCBJbnRlcm1lZGlhdGVf RGlyICJSZWxlYXNlX2xpYiINCiAjIFBST1AgVGFyZ2V0X0RpciAiIg0KLSMgQUREIEJBU0Ug Q1BQIC9ub2xvZ28gL1czIC9HWCAvTzIgL0QgIldJTjMyIiAvRCAiTkRFQlVHIiAvRCAiTElC U1NIMl9XSU4zMiIgL0QgIl9NQkNTIiAvRCAiX0xJQiIgL1lYIC9GRCAvYw0KLSMgQUREIENQ UCAvbm9sb2dvIC9NRCAvVzMgL0dYIC9PMiAvSSAiLi5cd2luMzIiIC9JICIuLlxpbmNsdWRl IiAvRCAiV0lOMzIiIC9EICJOREVCVUciIC9EICJMSUJTU0gyX1dJTjMyIiAvRCAiX01CQ1Mi IC9EICJfTElCIiAvWVggL0ZEIC9jDQorIyBBREQgQkFTRSBDUFAgL25vbG9nbyAvVzMgL0dY IC9PMiAvRCAiV0lOMzIiIC9EICJOREVCVUciIC9EICJMSUJTU0gyX1dJTjMyIiAvRCAiTElC U1NIMl9PUEVOU1NMIiAvRCAiX01CQ1MiIC9EICJfTElCIiAvWVggL0ZEIC9jCisjIEFERCBD UFAgL25vbG9nbyAvTUQgL1czIC9HWCAvTzIgL0kgIi4uXHdpbjMyIiAvSSAiLi5caW5jbHVk ZSIgL0QgIldJTjMyIiAvRCAiTkRFQlVHIiAvRCAiTElCU1NIMl9XSU4zMiIgL0QgIkxJQlNT SDJfT1BFTlNTTCIgL0QgIl9NQkNTIiAvRCAiX0xJQiIgL1lYIC9GRCAvYwogIyBBREQgQkFT RSBSU0MgL2wgMHg0MDkgL2QgIk5ERUJVRyINCiAjIEFERCBSU0MgL2wgMHg0MDkgL2QgIk5E RUJVRyINCiBCU0MzMj1ic2NtYWtlLmV4ZQ0KQEAgLTEyMyw4ICsxMjQsOCBAQCBMSUIzMj1s aW5rLmV4ZSAtbGliCiAjIFBST1AgT3V0cHV0X0RpciAiRGVidWdfbGliIg0KICMgUFJPUCBJ bnRlcm1lZGlhdGVfRGlyICJEZWJ1Z19saWIiDQogIyBQUk9QIFRhcmdldF9EaXIgIiINCi0j IEFERCBCQVNFIENQUCAvbm9sb2dvIC9XMyAvR20gL0dYIC9aSSAvT2QgL0QgIldJTjMyIiAv RCAiX0RFQlVHIiAvRCAiTElCU1NIMl9XSU4zMiIgL0QgIl9NQkNTIiAvRCAiX0xJQiIgL1lY IC9GRCAvR1ogL2MNCi0jIEFERCBDUFAgL25vbG9nbyAvTUQgL1czIC9HbSAvR1ggL1pJIC9P ZCAvSSAiLi5cd2luMzIiIC9JICIuLlxpbmNsdWRlIiAvRCAiV0lOMzIiIC9EICJfREVCVUci IC9EICJMSUJTU0gyX1dJTjMyIiAvRCAiX01CQ1MiIC9EICJfTElCIiAvRCAiTElCU1NIMkRF QlVHIiAvWVggL0ZEIC9HWiAvYw0KKyMgQUREIEJBU0UgQ1BQIC9ub2xvZ28gL1czIC9HbSAv R1ggL1pJIC9PZCAvRCAiV0lOMzIiIC9EICJfREVCVUciIC9EICJMSUJTU0gyX1dJTjMyIiAv RCAiTElCU1NIMl9PUEVOU1NMIiAvRCAiX01CQ1MiIC9EICJfTElCIiAvWVggL0ZEIC9HWiAv YworIyBBREQgQ1BQIC9ub2xvZ28gL01EIC9XMyAvR20gL0dYIC9aSSAvT2QgL0kgIi4uXHdp bjMyIiAvSSAiLi5caW5jbHVkZSIgL0QgIldJTjMyIiAvRCAiX0RFQlVHIiAvRCAiTElCU1NI Ml9XSU4zMiIgL0QgIkxJQlNTSDJfT1BFTlNTTCIgL0QgIl9NQkNTIiAvRCAiX0xJQiIgL0Qg IkxJQlNTSDJERUJVRyIgL1lYIC9GRCAvR1ogL2MKICMgQUREIEJBU0UgUlNDIC9sIDB4NDA5 IC9kICJfREVCVUciDQogIyBBREQgUlNDIC9sIDB4NDA5IC9kICJfREVCVUciDQogQlNDMzI9 YnNjbWFrZS5leGUNCi0tIAoxLjguMS5tc3lzZ2l0LjEKCg== --------------040406070908010506050901 Content-Type: text/plain; charset=windows-1252; name="0002-pem.c-always-compile-pem.c-independently-of-crypto-b.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0002-pem.c-always-compile-pem.c-independently-of-crypto-b.pa"; filename*1="tch" From 085f86203f0c4b1f067b2d1b8718dffadb0a4fcf Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sun, 16 Mar 2014 00:25:09 +0100 Subject: [PATCH 2/3] pem.c: always compile pem.c independently of crypto backend --- src/pem.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/pem.c b/src/pem.c index 5749bc8..9059477 100644 --- a/src/pem.c +++ b/src/pem.c @@ -38,8 +38,6 @@ #include "libssh2_priv.h" -#ifdef LIBSSH2_LIBGCRYPT /* compile only if we build with libgcrypt */ - static int readline(char *line, int line_size, FILE * fp) { @@ -209,5 +207,3 @@ _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen, return 0; } - -#endif /* LIBSSH2_LIBGCRYPT */ -- 1.8.1.msysgit.1 --------------040406070908010506050901 Content-Type: text/plain; charset=windows-1252; name="0003-knownhost.c-fixed-that-key_type_len-may-be-used-unin.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0003-knownhost.c-fixed-that-key_type_len-may-be-used-unin.pa"; filename*1="tch" From 40e528316aac8208d5e860581f773c588112cbdd Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sun, 16 Mar 2014 00:26:28 +0100 Subject: [PATCH 3/3] knownhost.c: fixed that 'key_type_len' may be used uninitialized ../src/knownhost.c: In function 'libssh2_knownhost_readline': ../src/knownhost.c:651:16: warning: 'key_type_len' may be used uninitialized in this function [-Wmaybe-uninitialized] rc = knownhost_add(hosts, hostbuf, NULL, ^ ../src/knownhost.c:745:12: note: 'key_type_len' was declared here size_t key_type_len; ^ --- src/knownhost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/knownhost.c b/src/knownhost.c index 9537d9e..9b3b79a 100644 --- a/src/knownhost.c +++ b/src/knownhost.c @@ -742,7 +742,7 @@ static int hostline(LIBSSH2_KNOWNHOSTS *hosts, const char *comment = NULL; const char *key_type_name = NULL; size_t commentlen = 0; - size_t key_type_len; + size_t key_type_len = 0; int key_type; /* make some checks that the lengths seem sensible */ -- 1.8.1.msysgit.1 --------------040406070908010506050901 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --------------040406070908010506050901-- From libssh2-devel-bounces@cool.haxx.se Sun Mar 16 02:36:53 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2G1aVqs003846; Sun, 16 Mar 2014 02:36:51 +0100 Received: from mx.uxnr.de (mx.uxnr.de [89.238.84.47]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2G1aTbe003837 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 16 Mar 2014 02:36:29 +0100 Received: from [10.2.1.152] (MH02.ma01.uxnr.net [10.2.1.152]) by mx.uxnr.de (Postfix) with ESMTPSA id 9E5A6377BDD for ; Sun, 16 Mar 2014 02:35:45 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de 9E5A6377BDD DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394933788; bh=a8i7KUiKIryoweuLNvJtcixVyhNHJvyQEE5FmcrgOHw=; h=Date:From:To:Subject:References:In-Reply-To:From; b=xcBkEN2SHYrcpEb3x7CdLLfKm2JZB+aUuI4OLhX/matD8MRm/UsmopFNzWI6xpeVW 93okSeYyGyovnHm+ex5ibQ9kCL9bnaIHwltfKt45hfMe+FVgMhK1v9f1pGuEPGFuQE HGacHU0SNLvBlIFzItgNBOWGrZS93gTevR8upF0w= Message-ID: <5324FFE3.40106@marc-hoersken.de> Date: Sun, 16 Mar 2014 02:35:31 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2 development Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de>

<532217AD.4060203@marc-hoersken.de>

In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------020501080002050005000506" X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --------------020501080002050005000506 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi Bob, On 14.03.2014 21:24, Bob Kast wrote: > I tried it on a known good SFTP account and it works fine so far! great to hear that WinCNG works for you now. :-) > I checked out the latest and applied your patches and got Visual Studio 2013 > to work with it (notice .sln/.vcxproj files). I have 2 platforms (x64 and > x86), and 4 configurations (LIB Debug, LIB Release, DLL Debug, DLL Release). > I fixed the warnings for x86 compiles. There are lots more on x64 (the main > reason: on WIN64 size_t is a 64 bit type) and didn't deal with them yet. Thanks for fixing these within the patch you send, but I would kindly like to ask you to put individual and independent fixes into separate patches and post them to a separate thread on this mailinglist. This allows me to keep track of changes to the WinCNG code separately and other people can merge your general fixes without having to look through all the WinCNG code. > I attached my patches. Thanks for your contribution of these fixes. I integrated some of your findings into the latest WinCNG branch within my personal development repository on GitHub: https://github.com/mback2k/libssh2/tree/wincng-rc4 You can see the history of the individual changes for rc4 here: https://github.com/mback2k/libssh2/tree/wincng-dev3 Keep in mind that those personal branches are moving targets and could be rebased or moved around at all times. Regarding your changes to the Windows makefiles and VS project files: I guess we will have to restructure and improve them anyway, since they currently only support the OpenSSL backend. Just replacing OpenSSL with WinCNG might be a solution for your local build environment, but I think that is not something that can be put into the main repository since it would break backwards compatibility. > A couple of notes: > > _LIBSSH2_SESSION::scpRecv_mode (long) is assigned to struct stat::st_mode > (unsigned short) Are they supposed to be the same type? Please create a separate thread for this topic by sending a completely independent mail, e.g. do not reply to mails from this thread. > In _libssh2_wincng_bignum_set_word() the local variable "bits" was never > initialized. I assume it is supposed to be initialized to 0. Thanks, I included a slightly different fix in my latest branch. Attached is the latest patch created from my wincng-rc4 branch which is based upon the fixes from the following mail: http://libssh2.org/mail/libssh2-devel-archive-2014-03/0013.shtml Best regards, Marc --------------020501080002050005000506 Content-Type: text/plain; charset=windows-1252; name="0001-Added-Windows-Cryptography-API-Next-Generation-based.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-Added-Windows-Cryptography-API-Next-Generation-based.pa"; filename*1="tch" From bafb8a9b32dbd14319f1310054297b453a9697d7 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sun, 16 Mar 2014 02:00:17 +0100 Subject: [PATCH] Added Windows Cryptography API: Next Generation based backend --- Makefile.WinCNG.inc | 2 + configure.ac | 34 +- src/Makefile.am | 3 + src/crypto.h | 4 + src/wincng.c | 1785 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/wincng.h | 327 ++++++++++ 6 files changed, 2153 insertions(+), 2 deletions(-) create mode 100644 Makefile.WinCNG.inc create mode 100644 src/wincng.c create mode 100644 src/wincng.h diff --git a/Makefile.WinCNG.inc b/Makefile.WinCNG.inc new file mode 100644 index 0000000..c18350e --- /dev/null +++ b/Makefile.WinCNG.inc @@ -0,0 +1,2 @@ +CRYPTO_CSOURCES = wincng.c +CRYPTO_HHEADERS = wincng.h diff --git a/configure.ac b/configure.ac index b24ace2..ba4dd7a 100644 --- a/configure.ac +++ b/configure.ac @@ -89,6 +89,9 @@ AC_ARG_WITH(openssl, AC_ARG_WITH(libgcrypt, AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]), use_libgcrypt=$withval,use_libgcrypt=auto) +AC_ARG_WITH(wincng, + AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]), + use_wincng=$withval,use_wincng=auto) AC_ARG_WITH(libz, AC_HELP_STRING([--with-libz],[Use zlib for compression]), use_libz=$withval,use_libz=auto) @@ -125,10 +128,37 @@ if test "$ac_cv_libgcrypt" = "yes"; then fi AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes") +# Look for Windows Cryptography API: Next Generation +if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then + AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [ + #include + #include + ]) + AC_LIB_HAVE_LINKFLAGS([crypt32], [], [ + #include + #include + ]) + AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [ + #include + ]) +fi +if test "$ac_cv_libbcrypt" = "yes"; then + AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG]) + LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face. + LIBS="$LIBS -lbcrypt" + if test "$ac_cv_libcrypt32" = "yes"; then + LIBS="$LIBS -lcrypt32" + fi + found_crypto="Windows Cryptography API: Next Generation" +fi +AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes") + +# Check if crypto library was found if test "$found_crypto" = "none"; then AC_MSG_ERROR([No crypto library found! -Try --with-libssl-prefix=PATH\ - or --with-libgcrypt-prefix=PATH\ +Try --with-libssl-prefix=PATH + or --with-libgcrypt-prefix=PATH + or --with-wincng on Windows\ ]) fi diff --git a/src/Makefile.am b/src/Makefile.am index da7beb5..5979a27 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,6 +8,9 @@ endif if LIBGCRYPT include ../Makefile.libgcrypt.inc endif +if WINCNG +include ../Makefile.WinCNG.inc +endif # Makefile.inc provides the CSOURCES and HHEADERS defines include ../Makefile.inc diff --git a/src/crypto.h b/src/crypto.h index 9a052e3..a615bb1 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -46,6 +46,10 @@ #include "libgcrypt.h" #endif +#ifdef LIBSSH2_WINCNG +#include "wincng.h" +#endif + int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, const unsigned char *edata, unsigned long elen, diff --git a/src/wincng.c b/src/wincng.c new file mode 100644 index 0000000..398fe89 --- /dev/null +++ b/src/wincng.c @@ -0,0 +1,1785 @@ +/* + * Copyright (C) 2013-2014 Marc Hoersken + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +#ifdef LIBSSH2_WINCNG /* compile only if we build with wincng */ + +#include + +#ifdef HAVE_STDLIB_H +#include +#endif +#ifdef HAVE_LIBCRYPT32 +#include +#endif + + +/*******************************************************************/ +/* + * Windows CNG backend: Missing definitions (for MinGW[-w64]) + */ +#ifndef BCRYPT_RNG_ALGORITHM +#define BCRYPT_RNG_ALGORITHM L"RNG" +#endif + +#ifndef BCRYPT_MD5_ALGORITHM +#define BCRYPT_MD5_ALGORITHM L"MD5" +#endif + +#ifndef BCRYPT_SHA1_ALGORITHM +#define BCRYPT_SHA1_ALGORITHM L"SHA1" +#endif + +#ifndef BCRYPT_RSA_ALGORITHM +#define BCRYPT_RSA_ALGORITHM L"RSA" +#endif + +#ifndef BCRYPT_DSA_ALGORITHM +#define BCRYPT_DSA_ALGORITHM L"DSA" +#endif + +#ifndef BCRYPT_AES_ALGORITHM +#define BCRYPT_AES_ALGORITHM L"AES" +#endif + +#ifndef BCRYPT_RC4_ALGORITHM +#define BCRYPT_RC4_ALGORITHM L"RC4" +#endif + +#ifndef BCRYPT_3DES_ALGORITHM +#define BCRYPT_3DES_ALGORITHM L"3DES" +#endif + +#ifndef BCRYPT_ALG_HANDLE_HMAC_FLAG +#define BCRYPT_ALG_HANDLE_HMAC_FLAG 0x00000008 +#endif + +#ifndef BCRYPT_DSA_PUBLIC_BLOB +#define BCRYPT_DSA_PUBLIC_BLOB L"DSAPUBLICBLOB" +#endif + +#ifndef BCRYPT_DSA_PUBLIC_MAGIC +#define BCRYPT_DSA_PUBLIC_MAGIC 0x42505344 /* DSPB */ +#endif + +#ifndef BCRYPT_DSA_PRIVATE_BLOB +#define BCRYPT_DSA_PRIVATE_BLOB L"DSAPRIVATEBLOB" +#endif + +#ifndef BCRYPT_DSA_PRIVATE_MAGIC +#define BCRYPT_DSA_PRIVATE_MAGIC 0x56505344 /* DSPV */ +#endif + +#ifndef BCRYPT_RSAPUBLIC_BLOB +#define BCRYPT_RSAPUBLIC_BLOB L"RSAPUBLICBLOB" +#endif + +#ifndef BCRYPT_RSAPUBLIC_MAGIC +#define BCRYPT_RSAPUBLIC_MAGIC 0x31415352 /* RSA1 */ +#endif + +#ifndef BCRYPT_RSAFULLPRIVATE_BLOB +#define BCRYPT_RSAFULLPRIVATE_BLOB L"RSAFULLPRIVATEBLOB" +#endif + +#ifndef BCRYPT_RSAFULLPRIVATE_MAGIC +#define BCRYPT_RSAFULLPRIVATE_MAGIC 0x33415352 /* RSA3 */ +#endif + +#ifndef BCRYPT_KEY_DATA_BLOB +#define BCRYPT_KEY_DATA_BLOB L"KeyDataBlob" +#endif + +#ifndef BCRYPT_MESSAGE_BLOCK_LENGTH +#define BCRYPT_MESSAGE_BLOCK_LENGTH L"MessageBlockLength" +#endif + +#ifndef BCRYPT_NO_KEY_VALIDATION +#define BCRYPT_NO_KEY_VALIDATION 0x00000008 +#endif + +#ifndef BCRYPT_BLOCK_PADDING +#define BCRYPT_BLOCK_PADDING 0x00000001 +#endif + +#ifndef BCRYPT_PAD_NONE +#define BCRYPT_PAD_NONE 0x00000001 +#endif + +#ifndef BCRYPT_PAD_PKCS1 +#define BCRYPT_PAD_PKCS1 0x00000002 +#endif + +#ifndef BCRYPT_PAD_OAEP +#define BCRYPT_PAD_OAEP 0x00000004 +#endif + +#ifndef BCRYPT_PAD_PSS +#define BCRYPT_PAD_PSS 0x00000008 +#endif + +#ifndef CRYPT_STRING_ANY +#define CRYPT_STRING_ANY 0x00000007 +#endif + +#ifndef LEGACY_RSAPRIVATE_BLOB +#define LEGACY_RSAPRIVATE_BLOB L"CAPIPRIVATEBLOB" +#endif + +#ifndef PKCS_RSA_PRIVATE_KEY +#define PKCS_RSA_PRIVATE_KEY (LPCSTR)43 +#endif + + +/*******************************************************************/ +/* + * Windows CNG backend: Generic functions + */ + +void +_libssh2_wincng_init(void) +{ + int ret; + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRNG, + BCRYPT_RNG_ALGORITHM, NULL, 0); + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashMD5, + BCRYPT_MD5_ALGORITHM, NULL, 0); + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA1, + BCRYPT_SHA1_ALGORITHM, NULL, 0); + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacMD5, + BCRYPT_MD5_ALGORITHM, NULL, + BCRYPT_ALG_HANDLE_HMAC_FLAG); + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA1, + BCRYPT_SHA1_ALGORITHM, NULL, + BCRYPT_ALG_HANDLE_HMAC_FLAG); + + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRSA, + BCRYPT_RSA_ALGORITHM, NULL, 0); + BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgDSA, + BCRYPT_DSA_ALGORITHM, NULL, 0); + + ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgAES_CBC, + BCRYPT_AES_ALGORITHM, NULL, 0); + if (ret == STATUS_SUCCESS) { + ret = BCryptSetProperty(_libssh2_wincng.hAlgAES_CBC, BCRYPT_CHAINING_MODE, + (PBYTE)BCRYPT_CHAIN_MODE_CBC, + sizeof(BCRYPT_CHAIN_MODE_CBC), 0); + if (ret != STATUS_SUCCESS) { + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, 0); + } + } + + ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRC4_NA, + BCRYPT_RC4_ALGORITHM, NULL, 0); + if (ret == STATUS_SUCCESS) { + ret = BCryptSetProperty(_libssh2_wincng.hAlgRC4_NA, BCRYPT_CHAINING_MODE, + (PBYTE)BCRYPT_CHAIN_MODE_NA, + sizeof(BCRYPT_CHAIN_MODE_NA), 0); + if (ret != STATUS_SUCCESS) { + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRC4_NA, 0); + } + } + + ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlg3DES_CBC, + BCRYPT_3DES_ALGORITHM, NULL, 0); + if (ret == STATUS_SUCCESS) { + ret = BCryptSetProperty(_libssh2_wincng.hAlg3DES_CBC, BCRYPT_CHAINING_MODE, + (PBYTE)BCRYPT_CHAIN_MODE_CBC, + sizeof(BCRYPT_CHAIN_MODE_CBC), 0); + if (ret != STATUS_SUCCESS) { + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, 0); + } + } +} + +void +_libssh2_wincng_free(void) +{ + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRNG, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashMD5, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA1, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacMD5, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA1, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRSA, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgDSA, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRC4_NA, 0); + BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlg3DES_CBC, 0); + + memset(&_libssh2_wincng, 0, sizeof(_libssh2_wincng)); +} + +int +_libssh2_wincng_random(void *buf, int len) +{ + return BCryptGenRandom(_libssh2_wincng.hAlgRNG, buf, len, 0) + == STATUS_SUCCESS ? 0 : -1; +} + + +/*******************************************************************/ +/* + * Windows CNG backend: Hash functions + */ + +int +_libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx, + BCRYPT_ALG_HANDLE hAlg, unsigned long hashlen, + unsigned char *key, unsigned long keylen) +{ + BCRYPT_HASH_HANDLE hHash; + unsigned char *pbHashObject; + unsigned long dwHashObject, dwHash, cbData; + int ret; + + ret = BCryptGetProperty(hAlg, BCRYPT_HASH_LENGTH, + (unsigned char *)&dwHash, + sizeof(dwHash), + &cbData, 0); + if (ret != STATUS_SUCCESS || dwHash != hashlen) { + return -1; + } + + ret = BCryptGetProperty(hAlg, BCRYPT_OBJECT_LENGTH, + (unsigned char *)&dwHashObject, + sizeof(dwHashObject), + &cbData, 0); + if (ret != STATUS_SUCCESS) { + return -1; + } + + pbHashObject = malloc(dwHashObject); + if (!pbHashObject) { + return -1; + } + + + ret = BCryptCreateHash(hAlg, &hHash, + pbHashObject, dwHashObject, + key, keylen, 0); + if (ret != STATUS_SUCCESS) { + free(pbHashObject); + return -1; + } + + + ctx->hHash = hHash; + ctx->pbHashObject = pbHashObject; + ctx->dwHashObject = dwHashObject; + ctx->cbHash = dwHash; + + return 0; +} + +int +_libssh2_wincng_hash_update(_libssh2_wincng_hash_ctx *ctx, + unsigned char *data, unsigned long datalen) +{ + return BCryptHashData(ctx->hHash, data, datalen, 0) + == STATUS_SUCCESS ? 0 : -1; +} + +int +_libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx, + unsigned char *hash) +{ + int ret; + + ret = BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0); + + BCryptDestroyHash(ctx->hHash); + + if (ctx->pbHashObject) + free(ctx->pbHashObject); + + memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx)); + + return ret; +} + +int +_libssh2_wincng_hash(unsigned char *data, unsigned long datalen, + BCRYPT_ALG_HANDLE hAlg, + unsigned char *hash, unsigned long hashlen) +{ + _libssh2_wincng_hash_ctx ctx; + + if (!_libssh2_wincng_hash_init(&ctx, hAlg, hashlen, NULL, 0)) { + if (!_libssh2_wincng_hash_update(&ctx, data, datalen)) { + if (!_libssh2_wincng_hash_final(&ctx, hash)) { + return 0; + } + } + } + + return -1; +} + + +/*******************************************************************/ +/* + * Windows CNG backend: HMAC functions + */ + +int +_libssh2_wincng_hmac_final(_libssh2_wincng_hash_ctx *ctx, + unsigned char *hash) +{ + return BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0) + == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx) +{ + BCryptDestroyHash(ctx->hHash); + + if (ctx->pbHashObject) + free(ctx->pbHashObject); + + memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx)); +} + + +/*******************************************************************/ +/* + * Windows CNG backend: Key functions + */ + +int +_libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len, + unsigned long flags) +{ + BCRYPT_PKCS1_PADDING_INFO paddingInfoPKCS1; + void *pPaddingInfo; + unsigned char *data, *hash; + unsigned long datalen, hashlen; + int ret; + + datalen = m_len; + data = malloc(datalen); + if (!data) { + return -1; + } + + hashlen = SHA_DIGEST_LENGTH; + hash = malloc(hashlen); + if (!hash) { + free(data); + return -1; + } + + memcpy(data, m, datalen); + + ret = _libssh2_wincng_hash(data, datalen, + _libssh2_wincng.hAlgHashSHA1, + hash, hashlen); + + free(data); + + if (ret) { + free(hash); + return -1; + } + + datalen = sig_len; + data = malloc(datalen); + if (!data) { + free(hash); + return -1; + } + + if (flags & BCRYPT_PAD_PKCS1) { + paddingInfoPKCS1.pszAlgId = BCRYPT_SHA1_ALGORITHM; + pPaddingInfo = &paddingInfoPKCS1; + } + + memcpy(data, sig, datalen); + + ret = BCryptVerifySignature(ctx->hKey, pPaddingInfo, + hash, hashlen, data, datalen, flags); + + free(hash); + free(data); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +#ifdef HAVE_LIBCRYPT32 +static int +_libssh2_wincng_load_pem(LIBSSH2_SESSION *session, + const char *filename, + const char *passphrase, + const char *headerbegin, + const char *headerend, + unsigned char **data, + unsigned int *datalen) +{ + FILE *fp; + int ret; + + (void)passphrase; + + fp = fopen(filename, "r"); + if (!fp) { + return -1; + } + + ret = _libssh2_pem_parse(session, headerbegin, headerend, + fp, data, datalen); + + fclose(fp); + + return ret; +} + +static int +_libssh2_wincng_load_private(LIBSSH2_SESSION *session, + const char *filename, + const char *passphrase, + unsigned char **ppbEncoded, + unsigned long *pcbEncoded) +{ + unsigned char *data; + int ret, datalen; + + ret = _libssh2_wincng_load_pem(session, filename, passphrase, + "-----BEGIN RSA PRIVATE KEY-----", + "-----END RSA PRIVATE KEY-----", + &data, &datalen); + + if (ret) { + ret = _libssh2_wincng_load_pem(session, filename, passphrase, + "-----BEGIN DSA PRIVATE KEY-----", + "-----END DSA PRIVATE KEY-----", + &data, &datalen); + } + + if (!ret) { + *ppbEncoded = data; + *pcbEncoded = datalen; + } + + return ret; +} + +static int +_libssh2_wincng_asn_decode(unsigned char *pbEncoded, + unsigned long cbEncoded, + LPCSTR lpszStructType, + unsigned char **ppbDecoded, + unsigned long *pcbDecoded) +{ + unsigned char *pbDecoded; + unsigned long cbDecoded; + int ret; + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + lpszStructType, + pbEncoded, cbEncoded, 0, NULL, + NULL, &cbDecoded); + if (!ret) { + return -1; + } + + pbDecoded = malloc(cbDecoded); + if (!pbDecoded) { + return -1; + } + + ret = CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + lpszStructType, + pbEncoded, cbEncoded, 0, NULL, + pbDecoded, &cbDecoded); + if (!ret) { + free(pbDecoded); + return -1; + } + + + *ppbDecoded = pbDecoded; + *pcbDecoded = cbDecoded; + + return 0; +} + +static int +_libssh2_wincng_bn_ltob(unsigned char *pbInput, + unsigned long cbInput, + unsigned char **ppbOutput, + unsigned long *pcbOutput) +{ + unsigned char *pbOutput; + unsigned long cbOutput, index, offset, length; + + if (cbInput < 1) { + return 0; + } + + offset = 0; + length = cbInput - 1; + cbOutput = cbInput; + if (pbInput[length] & (1 << 7)) { + offset++; + cbOutput++; + } + + pbOutput = malloc(cbOutput); + if (!pbOutput) { + return -1; + } + + pbOutput[0] = 0; + for (index = 0; index < cbInput; index++) { + pbOutput[index + offset] = pbInput[length - index]; + } + + + *ppbOutput = pbOutput; + *pcbOutput = cbOutput; + + return 0; +} + +static int +_libssh2_wincng_asn_decode_bn(unsigned char *pbEncoded, + unsigned long cbEncoded, + unsigned char **ppbDecoded, + unsigned long *pcbDecoded) +{ + unsigned char *pbDecoded, *pbInteger; + unsigned long cbDecoded, cbInteger; + int ret; + + ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded, + X509_MULTI_BYTE_UINT, + &pbInteger, &cbInteger); + if (!ret) { + ret = _libssh2_wincng_bn_ltob(((PCRYPT_DATA_BLOB)pbInteger)->pbData, + ((PCRYPT_DATA_BLOB)pbInteger)->cbData, + &pbDecoded, &cbDecoded); + if (!ret) { + *ppbDecoded = pbDecoded; + *pcbDecoded = cbDecoded; + } + free(pbInteger); + } + + return ret; +} + +static int +_libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded, + unsigned long cbEncoded, + unsigned char ***prpbDecoded, + unsigned long **prcbDecoded, + unsigned long *pcbCount) +{ + PCRYPT_DER_BLOB pBlob; + unsigned char *pbDecoded, **rpbDecoded; + unsigned long cbDecoded, *rcbDecoded, index, length; + int ret; + + ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded, + X509_SEQUENCE_OF_ANY, + &pbDecoded, &cbDecoded); + if (!ret) { + length = ((PCRYPT_DATA_BLOB)pbDecoded)->cbData; + + rpbDecoded = malloc(sizeof(PBYTE) * length); + if (rpbDecoded) { + rcbDecoded = malloc(sizeof(DWORD) * length); + if (rcbDecoded) { + for (index = 0; index < length; index++) { + pBlob = &((PCRYPT_DER_BLOB) + ((PCRYPT_DATA_BLOB)pbDecoded)->pbData)[index]; + ret = _libssh2_wincng_asn_decode_bn(pBlob->pbData, + pBlob->cbData, + &rpbDecoded[index], + &rcbDecoded[index]); + if (ret) + break; + } + + if (ret) { + for (length = 0; length < index; length++) { + if (rpbDecoded[length]) { + free(rpbDecoded[length]); + rpbDecoded[length] = NULL; + } + } + } else { + *prpbDecoded = rpbDecoded; + *prcbDecoded = rcbDecoded; + *pcbCount = length; + } + } else { + free(rpbDecoded); + ret = -1; + } + + } else { + ret = -1; + } + + free(pbDecoded); + } + + return ret; +} +#endif /* HAVE_LIBCRYPT32 */ + +static unsigned long +_libssh2_wincng_bn_size(const unsigned char *bignum, + unsigned long length) +{ + unsigned long offset; + + if (!bignum) + return 0; + + length--; + + offset = 0; + while (!(*(bignum + offset)) && (offset < length)) + offset++; + + length++; + + return length - offset; +} + + +/*******************************************************************/ +/* + * Windows CNG backend: RSA functions + */ + +int +_libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen, + const unsigned char *ddata, + unsigned long dlen, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *e1data, + unsigned long e1len, + const unsigned char *e2data, + unsigned long e2len, + const unsigned char *coeffdata, + unsigned long coefflen) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_RSAKEY_BLOB *rsakey; + LPCWSTR lpszBlobType; + unsigned char *key; + unsigned long keylen, offset, mlen, p1len, p2len; + int ret; + + mlen = max(_libssh2_wincng_bn_size(ndata, nlen), + _libssh2_wincng_bn_size(ddata, dlen)); + offset = sizeof(BCRYPT_RSAKEY_BLOB); + keylen = offset + elen + mlen; + if (ddata && dlen > 0) { + p1len = max(_libssh2_wincng_bn_size(pdata, plen), + _libssh2_wincng_bn_size(e1data, e1len)); + p2len = max(_libssh2_wincng_bn_size(qdata, qlen), + _libssh2_wincng_bn_size(e2data, e2len)); + keylen += p1len * 3 + p2len * 2 + mlen; + } + + key = malloc(keylen); + if (!key) { + return -1; + } + + memset(key, 0, keylen); + + + /* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */ + rsakey = (BCRYPT_RSAKEY_BLOB *)key; + rsakey->BitLength = mlen * 8; + rsakey->cbPublicExp = elen; + rsakey->cbModulus = mlen; + + memcpy(key + offset, edata, elen); + offset += elen; + + if (nlen < mlen) + memcpy(key + offset + mlen - nlen, ndata, nlen); + else + memcpy(key + offset, ndata + nlen - mlen, mlen); + + if (ddata && dlen > 0) { + offset += mlen; + + if (plen < p1len) + memcpy(key + offset + p1len - plen, pdata, plen); + else + memcpy(key + offset, pdata + plen - p1len, p1len); + offset += p1len; + + if (qlen < p2len) + memcpy(key + offset + p2len - qlen, qdata, qlen); + else + memcpy(key + offset, qdata + qlen - p2len, p2len); + offset += p2len; + + if (e1len < p1len) + memcpy(key + offset + p1len - e1len, e1data, e1len); + else + memcpy(key + offset, e1data + e1len - p1len, p1len); + offset += p1len; + + if (e2len < p2len) + memcpy(key + offset + p2len - e2len, e2data, e2len); + else + memcpy(key + offset, e2data + e2len - p2len, p2len); + offset += p2len; + + if (coefflen < p1len) + memcpy(key + offset + p1len - coefflen, coeffdata, coefflen); + else + memcpy(key + offset, coeffdata + coefflen - p1len, p1len); + offset += p1len; + + if (dlen < mlen) + memcpy(key + offset + mlen - dlen, ddata, dlen); + else + memcpy(key + offset, ddata + dlen - mlen, mlen); + + lpszBlobType = BCRYPT_RSAFULLPRIVATE_BLOB; + rsakey->Magic = BCRYPT_RSAFULLPRIVATE_MAGIC; + rsakey->cbPrime1 = p1len; + rsakey->cbPrime2 = p2len; + } else { + lpszBlobType = BCRYPT_RSAPUBLIC_BLOB; + rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; + rsakey->cbPrime1 = 0; + rsakey->cbPrime2 = 0; + } + + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, lpszBlobType, + &hKey, key, keylen, 0); + if (ret != STATUS_SUCCESS) { + free(key); + return -1; + } + + + *rsa = malloc(sizeof(libssh2_rsa_ctx)); + if (!(*rsa)) { + BCryptDestroyKey(hKey); + free(key); + return -1; + } + + (*rsa)->hKey = hKey; + (*rsa)->pbKeyObject = key; + (*rsa)->cbKeyObject = keylen; + + return 0; +} + +int +_libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa, + LIBSSH2_SESSION *session, + const char *filename, + const unsigned char *passphrase) +{ +#ifdef HAVE_LIBCRYPT32 + BCRYPT_KEY_HANDLE hKey; + unsigned char *pbEncoded, *pbStructInfo; + unsigned long cbEncoded, cbStructInfo; + int ret; + + (void)session; + + ret = _libssh2_wincng_load_private(session, filename, + (const char *)passphrase, + &pbEncoded, &cbEncoded); + if (ret) { + return -1; + } + + ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded, + PKCS_RSA_PRIVATE_KEY, + &pbStructInfo, &cbStructInfo); + + free(pbEncoded); + + if (ret) { + return -1; + } + + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, + LEGACY_RSAPRIVATE_BLOB, &hKey, + pbStructInfo, cbStructInfo, 0); + if (ret != STATUS_SUCCESS) { + free(pbStructInfo); + return -1; + } + + + *rsa = malloc(sizeof(libssh2_rsa_ctx)); + if (!(*rsa)) { + BCryptDestroyKey(hKey); + free(pbStructInfo); + return -1; + } + + (*rsa)->hKey = hKey; + (*rsa)->pbKeyObject = pbStructInfo; + (*rsa)->cbKeyObject = cbStructInfo; + + return 0; +#else + (void)rsa; + (void)filename; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to load RSA key from private key file: " + "Method unsupported in Windows CNG backend"); +#endif /* HAVE_LIBCRYPT32 */ +} + +int +_libssh2_wincng_rsa_sha1_verify(libssh2_rsa_ctx *rsa, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len) +{ + return _libssh2_wincng_key_sha1_verify(rsa, sig, sig_len, m, m_len, + BCRYPT_PAD_PKCS1); +} + +int +_libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session, + libssh2_rsa_ctx *rsa, + const unsigned char *hash, + size_t hash_len, + unsigned char **signature, + size_t *signature_len) +{ + BCRYPT_PKCS1_PADDING_INFO paddingInfo; + unsigned char *data, *sig; + unsigned long cbData, datalen, siglen; + int ret; + + datalen = (unsigned long)hash_len; + data = malloc(datalen); + if (!data) { + return -1; + } + + paddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM; + + memcpy(data, hash, datalen); + + ret = BCryptSignHash(rsa->hKey, &paddingInfo, + data, datalen, NULL, 0, + &cbData, BCRYPT_PAD_PKCS1); + if (ret == STATUS_SUCCESS) { + siglen = cbData; + sig = LIBSSH2_ALLOC(session, siglen); + if (sig) { + ret = BCryptSignHash(rsa->hKey, &paddingInfo, + data, datalen, sig, siglen, + &cbData, BCRYPT_PAD_PKCS1); + if (ret == STATUS_SUCCESS) { + *signature_len = siglen; + *signature = sig; + } else { + LIBSSH2_FREE(session, sig); + } + } else + ret = STATUS_NO_MEMORY; + } + + free(data); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa) +{ + if (!rsa) + return; + + BCryptDestroyKey(rsa->hKey); + + if (rsa->pbKeyObject) + free(rsa->pbKeyObject); + + memset(rsa, 0, sizeof(libssh2_rsa_ctx)); + free(rsa); +} + + +/*******************************************************************/ +/* + * Windows CNG backend: DSA functions + */ + +#if LIBSSH2_DSA +int +_libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen, + const unsigned char *xdata, + unsigned long xlen) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_DSA_KEY_BLOB *dsakey; + LPCWSTR lpszBlobType; + unsigned char *key; + unsigned long keylen, offset, length; + int ret; + + length = max(max(_libssh2_wincng_bn_size(pdata, plen), + _libssh2_wincng_bn_size(gdata, glen)), + _libssh2_wincng_bn_size(ydata, ylen)); + offset = sizeof(BCRYPT_DSA_KEY_BLOB); + keylen = offset + length * 3; + if (xdata && xlen > 0) + keylen += 20; + + key = malloc(keylen); + if (!key) { + return -1; + } + + memset(key, 0, keylen); + + + /* http://msdn.microsoft.com/library/windows/desktop/aa833126.aspx */ + dsakey = (BCRYPT_DSA_KEY_BLOB *)key; + dsakey->cbKey = length; + + memset(dsakey->Count, -1, sizeof(dsakey->Count)); + memset(dsakey->Seed, -1, sizeof(dsakey->Seed)); + + if (qlen < 20) + memcpy(dsakey->q + 20 - qlen, qdata, qlen); + else + memcpy(dsakey->q, qdata + qlen - 20, 20); + + if (plen < length) + memcpy(key + offset + length - plen, pdata, plen); + else + memcpy(key + offset, pdata + plen - length, length); + offset += length; + + if (glen < length) + memcpy(key + offset + length - glen, gdata, glen); + else + memcpy(key + offset, gdata + glen - length, length); + offset += length; + + if (ylen < length) + memcpy(key + offset + length - ylen, ydata, ylen); + else + memcpy(key + offset, ydata + ylen - length, length); + + if (xdata && xlen > 0) { + offset += length; + + if (xlen < 20) + memcpy(key + offset + 20 - xlen, xdata, xlen); + else + memcpy(key + offset, xdata + xlen - 20, 20); + + lpszBlobType = BCRYPT_DSA_PRIVATE_BLOB; + dsakey->dwMagic = BCRYPT_DSA_PRIVATE_MAGIC; + } else { + lpszBlobType = BCRYPT_DSA_PUBLIC_BLOB; + dsakey->dwMagic = BCRYPT_DSA_PUBLIC_MAGIC; + } + + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgDSA, NULL, lpszBlobType, + &hKey, key, keylen, 0); + if (ret != STATUS_SUCCESS) { + free(key); + return -1; + } + + + *dsa = malloc(sizeof(libssh2_dsa_ctx)); + if (!(*dsa)) { + BCryptDestroyKey(hKey); + free(key); + return -1; + } + + (*dsa)->hKey = hKey; + (*dsa)->pbKeyObject = key; + (*dsa)->cbKeyObject = keylen; + + return 0; +} + +int +_libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa, + LIBSSH2_SESSION *session, + const char *filename, + const unsigned char *passphrase) +{ +#ifdef HAVE_LIBCRYPT32 + unsigned char *pbEncoded, **rpbDecoded; + unsigned long cbEncoded, *rcbDecoded, index, length; + int ret; + + (void)session; + + ret = _libssh2_wincng_load_private(session, filename, + (const char *)passphrase, + &pbEncoded, &cbEncoded); + if (ret) { + return -1; + } + + ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded, + &rpbDecoded, &rcbDecoded, &length); + + free(pbEncoded); + + if (ret) { + return -1; + } + + + if (length == 6) { + ret = _libssh2_wincng_dsa_new(dsa, + rpbDecoded[1], rcbDecoded[1], + rpbDecoded[2], rcbDecoded[2], + rpbDecoded[3], rcbDecoded[3], + rpbDecoded[4], rcbDecoded[4], + rpbDecoded[5], rcbDecoded[5]); + } else { + ret = -1; + } + + for (index = 0; index < length; index++) { + if (rpbDecoded[index]) { + free(rpbDecoded[index]); + rpbDecoded[index] = NULL; + } + } + + free(rpbDecoded); + free(rcbDecoded); + + return ret; +#else + (void)dsa; + (void)filename; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to load DSA key from private key file: " + "Method unsupported in Windows CNG backend"); +#endif /* HAVE_LIBCRYPT32 */ +} + +int +_libssh2_wincng_dsa_sha1_verify(libssh2_dsa_ctx *dsa, + const unsigned char *sig_fixed, + const unsigned char *m, + unsigned long m_len) +{ + return _libssh2_wincng_key_sha1_verify(dsa, sig_fixed, 40, m, m_len, 0); +} + +int +_libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa, + const unsigned char *hash, + unsigned long hash_len, + unsigned char *sig_fixed) +{ + unsigned char *data, *sig; + unsigned long cbData, datalen, siglen; + int ret; + + datalen = hash_len; + data = malloc(datalen); + if (!data) { + return -1; + } + + memcpy(data, hash, datalen); + + ret = BCryptSignHash(dsa->hKey, NULL, data, datalen, + NULL, 0, &cbData, 0); + if (ret == STATUS_SUCCESS) { + siglen = cbData; + if (siglen == 40) { + sig = malloc(siglen); + if (sig) { + ret = BCryptSignHash(dsa->hKey, NULL, data, datalen, + sig, siglen, &cbData, 0); + if (ret == STATUS_SUCCESS) { + memcpy(sig_fixed, sig, siglen); + } + + free(sig); + } else + ret = STATUS_NO_MEMORY; + } else + ret = STATUS_NO_MEMORY; + } + + free(data); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa) +{ + if (!dsa) + return; + + BCryptDestroyKey(dsa->hKey); + + if (dsa->pbKeyObject) + free(dsa->pbKeyObject); + + memset(dsa, 0, sizeof(libssh2_dsa_ctx)); + free(dsa); +} +#endif + + +/*******************************************************************/ +/* + * Windows CNG backend: Key functions + */ + +static unsigned long +_libssh2_wincng_pub_priv_write(unsigned char *key, + unsigned long offset, + const unsigned char *bignum, + const unsigned long length) +{ + _libssh2_htonu32(key + offset, length); + offset += 4; + + memcpy(key + offset, bignum, length); + offset += length; + + return offset; +} + +int +_libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session, + unsigned char **method, + size_t *method_len, + unsigned char **pubkeydata, + size_t *pubkeydata_len, + const char *privatekey, + const char *passphrase) +{ +#ifdef HAVE_LIBCRYPT32 + unsigned char *pbEncoded, **rpbDecoded; + unsigned long cbEncoded, *rcbDecoded; + unsigned char *key, *mth; + unsigned long keylen, mthlen, index, offset, length; + int ret; + + ret = _libssh2_wincng_load_private(session, privatekey, passphrase, + &pbEncoded, &cbEncoded); + if (ret) { + return -1; + } + + ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded, + &rpbDecoded, &rcbDecoded, &length); + + free(pbEncoded); + + if (ret) { + return -1; + } + + + if (length == 9) { /* private RSA key */ + mthlen = 7; + mth = LIBSSH2_ALLOC(session, mthlen); + if (mth) { + memcpy(mth, "ssh-rsa", mthlen); + } else { + ret = -1; + } + + + keylen = 4 + mthlen + 4 + rcbDecoded[2] + 4 + rcbDecoded[1]; + key = LIBSSH2_ALLOC(session, keylen); + if (key) { + offset = _libssh2_wincng_pub_priv_write(key, 0, mth, mthlen); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[2], + rcbDecoded[2]); + + _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[1], + rcbDecoded[1]); + } else { + ret = -1; + } + + } else if (length == 6) { /* private DSA key */ + mthlen = 7; + mth = LIBSSH2_ALLOC(session, mthlen); + if (mth) { + memcpy(mth, "ssh-dss", mthlen); + } else { + ret = -1; + } + + keylen = 4 + mthlen + 4 + rcbDecoded[1] + 4 + rcbDecoded[2] + + 4 + rcbDecoded[3] + 4 + rcbDecoded[4]; + key = LIBSSH2_ALLOC(session, keylen); + if (key) { + offset = _libssh2_wincng_pub_priv_write(key, 0, mth, mthlen); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[1], + rcbDecoded[1]); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[2], + rcbDecoded[2]); + + offset = _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[3], + rcbDecoded[3]); + + _libssh2_wincng_pub_priv_write(key, offset, + rpbDecoded[4], + rcbDecoded[4]); + } else { + ret = -1; + } + + } else { + ret = -1; + } + + + for (index = 0; index < length; index++) { + if (rpbDecoded[index]) { + free(rpbDecoded[index]); + rpbDecoded[index] = NULL; + } + } + + free(rpbDecoded); + free(rcbDecoded); + + + if (ret) { + if (mth) + LIBSSH2_FREE(session, mth); + if (key) + LIBSSH2_FREE(session, key); + } else { + *method = mth; + *method_len = mthlen; + *pubkeydata = key; + *pubkeydata_len = keylen; + } + + return ret; +#else + (void)method; + (void)method_len; + (void)pubkeydata; + (void)pubkeydata_len; + (void)privatekey; + (void)passphrase; + + return _libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to load public key from private key file: " + "Method unsupported in Windows CNG backend"); +#endif /* HAVE_LIBCRYPT32 */ +} + + +/*******************************************************************/ +/* + * Windows CNG backend: Cipher functions + */ + +int +_libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx, + _libssh2_cipher_type(type), + unsigned char *iv, + unsigned char *secret, + int encrypt) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_KEY_DATA_BLOB_HEADER *header; + unsigned char *pbKeyObject, *pbIV, *key; + unsigned long dwKeyObject, dwIV, dwBlockLength, cbData, keylen; + int ret; + + (void)encrypt; + + ret = BCryptGetProperty(*type.phAlg, BCRYPT_OBJECT_LENGTH, + (unsigned char *)&dwKeyObject, + sizeof(dwKeyObject), + &cbData, 0); + if (ret != STATUS_SUCCESS) { + return -1; + } + + ret = BCryptGetProperty(*type.phAlg, BCRYPT_BLOCK_LENGTH, + (unsigned char *)&dwBlockLength, + sizeof(dwBlockLength), + &cbData, 0); + if (ret != STATUS_SUCCESS) { + return -1; + } + + pbKeyObject = malloc(dwKeyObject); + if (!pbKeyObject) { + return -1; + } + + + keylen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + type.dwKeyLength; + key = malloc(keylen); + if (!key) { + free(pbKeyObject); + return -1; + } + + + header = (BCRYPT_KEY_DATA_BLOB_HEADER *)key; + header->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + header->cbKeyData = type.dwKeyLength; + + memcpy(key + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + secret, type.dwKeyLength); + + ret = BCryptImportKey(*type.phAlg, NULL, BCRYPT_KEY_DATA_BLOB, &hKey, + pbKeyObject, dwKeyObject, key, keylen, 0); + + free(key); + + if (ret != STATUS_SUCCESS) { + free(pbKeyObject); + return -1; + } + + if (type.dwUseIV) { + pbIV = malloc(dwBlockLength); + if (!pbIV) { + BCryptDestroyKey(hKey); + free(pbKeyObject); + return -1; + } + dwIV = dwBlockLength; + memcpy(pbIV, iv, dwIV); + } else { + pbIV = NULL; + dwIV = 0; + } + + + ctx->hKey = hKey; + ctx->pbKeyObject = pbKeyObject; + ctx->pbIV = pbIV; + ctx->dwKeyObject = dwKeyObject; + ctx->dwIV = dwIV; + ctx->dwBlockLength = dwBlockLength; + + return 0; +} + +int +_libssh2_wincng_cipher_crypt(_libssh2_cipher_ctx *ctx, + _libssh2_cipher_type(type), + int encrypt, + unsigned char *block, + size_t blocklen) +{ + unsigned char *pbOutput; + unsigned long cbOutput, cbInput; + int ret; + + (void)type; + + cbInput = (unsigned long)blocklen; + + if (encrypt) { + ret = BCryptEncrypt(ctx->hKey, block, cbInput, NULL, + ctx->pbIV, ctx->dwIV, NULL, 0, &cbOutput, 0); + } else { + ret = BCryptDecrypt(ctx->hKey, block, cbInput, NULL, + ctx->pbIV, ctx->dwIV, NULL, 0, &cbOutput, 0); + } + if (ret == STATUS_SUCCESS) { + pbOutput = malloc(cbOutput); + if (pbOutput) { + if (encrypt) { + ret = BCryptEncrypt(ctx->hKey, block, cbInput, NULL, + ctx->pbIV, ctx->dwIV, + pbOutput, cbOutput, &cbOutput, 0); + } else { + ret = BCryptDecrypt(ctx->hKey, block, cbInput, NULL, + ctx->pbIV, ctx->dwIV, + pbOutput, cbOutput, &cbOutput, 0); + } + if (ret == STATUS_SUCCESS) { + memcpy(block, pbOutput, cbOutput); + } + + free(pbOutput); + } else + ret = STATUS_NO_MEMORY; + } + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +void +_libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx) +{ + BCryptDestroyKey(ctx->hKey); + + if (ctx->pbKeyObject) { + free(ctx->pbKeyObject); + ctx->pbKeyObject = NULL; + } + + memset(ctx, 0, sizeof(_libssh2_cipher_ctx)); +} + + +/*******************************************************************/ +/* + * Windows CNG backend: BigNumber functions + */ + +_libssh2_bn * +_libssh2_wincng_bignum_init(void) +{ + _libssh2_bn *bignum; + + bignum = malloc(sizeof(_libssh2_bn)); + bignum->bignum = NULL; + bignum->length = 0; + + return bignum; +} + +static int +_libssh2_wincng_bignum_resize(_libssh2_bn *bn, unsigned long length) +{ + unsigned char *bignum; + + if (!bn) + return -1; + + if (length == bn->length) + return 0; + + bignum = realloc(bn->bignum, length); + if (!bignum) + return -1; + + bn->bignum = bignum; + bn->length = length; + + return 0; +} + +int +_libssh2_wincng_bignum_rand(_libssh2_bn *rnd, int bits, int top, int bottom) +{ + unsigned char *bignum; + unsigned long length; + + if (!rnd) + return -1; + + length = (unsigned long)(ceil((float)bits / 8) * sizeof(unsigned char)); + if (_libssh2_wincng_bignum_resize(rnd, length)) + return -1; + + bignum = rnd->bignum; + + if (_libssh2_wincng_random(bignum, length)) + return -1; + + /* calculate significant bits in most significant byte */ + bits %= 8; + + /* fill most significant byte with zero padding */ + bignum[0] &= (1 << (8 - bits)) - 1; + + /* set some special last bits in most significant byte */ + if (top == 0) + bignum[0] |= (1 << (7 - bits)); + else if (top == 1) + bignum[0] |= (3 << (6 - bits)); + + /* make odd by setting first bit in least significant byte */ + if (bottom) + bignum[length - 1] |= 1; + + return 0; +} + +int +_libssh2_wincng_bignum_mod_exp(_libssh2_bn *r, + _libssh2_bn *a, + _libssh2_bn *p, + _libssh2_bn *m, + _libssh2_bn_ctx *bnctx) +{ + BCRYPT_KEY_HANDLE hKey; + BCRYPT_RSAKEY_BLOB *rsakey; + unsigned char *key, *bignum; + unsigned long keylen, offset, length; + int ret; + + (void)bnctx; + + if (!r || !a || !p || !m) + return -1; + + offset = sizeof(BCRYPT_RSAKEY_BLOB); + keylen = offset + p->length + m->length; + + key = malloc(keylen); + if (!key) + return -1; + + + /* http://msdn.microsoft.com/library/windows/desktop/aa375531.aspx */ + rsakey = (BCRYPT_RSAKEY_BLOB *)key; + rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; + rsakey->BitLength = m->length * 8; + rsakey->cbPublicExp = p->length; + rsakey->cbModulus = m->length; + rsakey->cbPrime1 = 0; + rsakey->cbPrime2 = 0; + + memcpy(key + offset, p->bignum, p->length); + offset += p->length; + + memcpy(key + offset, m->bignum, m->length); + + ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, + BCRYPT_RSAPUBLIC_BLOB, &hKey, key, keylen, + BCRYPT_NO_KEY_VALIDATION); + + if (ret == STATUS_SUCCESS) { + ret = BCryptEncrypt(hKey, a->bignum, a->length, NULL, NULL, 0, + NULL, 0, &length, BCRYPT_PAD_NONE); + if (ret == STATUS_SUCCESS) { + if (!_libssh2_wincng_bignum_resize(r, length)) { + length = max(a->length, length); + bignum = malloc(length); + if (bignum) { + offset = length - a->length; + memset(bignum, 0, offset); + memcpy(bignum + offset, a->bignum, a->length); + + ret = BCryptEncrypt(hKey, bignum, length, NULL, NULL, 0, + r->bignum, r->length, &offset, + BCRYPT_PAD_NONE); + + free(bignum); + + if (ret == STATUS_SUCCESS) { + _libssh2_wincng_bignum_resize(r, offset); + } + } else + ret = STATUS_NO_MEMORY; + } else + ret = STATUS_NO_MEMORY; + } + + BCryptDestroyKey(hKey); + } + + free(key); + + return ret == STATUS_SUCCESS ? 0 : -1; +} + +int +_libssh2_wincng_bignum_set_word(_libssh2_bn *bn, unsigned long word) +{ + unsigned long offset, number, bits, length; + + if (!bn) + return -1; + + bits = 0; + number = word; + while (number >>= 1) + bits++; + + length = (unsigned long)(ceil((double)(bits+1)/8)*sizeof(unsigned char)); + if (_libssh2_wincng_bignum_resize(bn, length)) + return -1; + + for (offset = 0; offset < length; offset++) + bn->bignum[offset] = (word >> (offset * 8)) & 0xff; + + return 0; +} + +unsigned long +_libssh2_wincng_bignum_bits(const _libssh2_bn *bn) +{ + unsigned char number; + unsigned long offset, length, bits; + + if (!bn) + return 0; + + length = bn->length - 1; + + offset = 0; + while (!(*(bn->bignum + offset)) && (offset < length)) + offset++; + + bits = (length - offset) * 8; + number = bn->bignum[offset]; + + while (number >>= 1) + bits++; + + bits++; + + return bits; +} + +void +_libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len, + const unsigned char *bin) +{ + unsigned char *bignum; + unsigned long offset, length, bits; + + if (bn && bin && len > 0) { + if (!_libssh2_wincng_bignum_resize(bn, len)) { + memcpy(bn->bignum, bin, len); + + bits = _libssh2_wincng_bignum_bits(bn); + length = ceil((double)bits / 8) * sizeof(unsigned char); + + offset = bn->length - length; + if (offset > 0) { + memmove(bn->bignum, bn->bignum + offset, length); + + bignum = realloc(bn->bignum, length); + if (bignum) { + bn->bignum = bignum; + bn->length = length; + } + } + } + } +} + +void +_libssh2_wincng_bignum_to_bin(const _libssh2_bn *bn, unsigned char *bin) +{ + if (bin && bn && bn->bignum && bn->length > 0) { + memcpy(bin, bn->bignum, bn->length); + } +} + +void +_libssh2_wincng_bignum_free(_libssh2_bn *bn) +{ + if (bn) { + if (bn->bignum) { + free(bn->bignum); + bn->bignum = NULL; + } + bn->length = 0; + free(bn); + } +} + + +/* + * Windows CNG backend: other functions + */ + +void _libssh2_init_aes_ctr(void) +{ + /* no implementation */ + (void)0; +} + +#endif /* LIBSSH2_WINCNG */ diff --git a/src/wincng.h b/src/wincng.h new file mode 100644 index 0000000..a327b55 --- /dev/null +++ b/src/wincng.h @@ -0,0 +1,327 @@ +/* + * Copyright (C) 2013 Marc Hoersken + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#undef _WIN32_WINNT +#define _WIN32_WINNT 0x0600 + +#ifdef HAVE_WINDOWS_H +#include +#endif +#ifdef HAVE_NTDEF_H +#include +#endif +#ifdef HAVE_NTSTATUS_H +#include +#endif + +#include + + +#define LIBSSH2_MD5 1 + +#define LIBSSH2_HMAC_RIPEMD 0 + +#define LIBSSH2_AES 1 +#define LIBSSH2_AES_CTR 0 +#define LIBSSH2_BLOWFISH 0 +#define LIBSSH2_RC4 1 +#define LIBSSH2_CAST 0 +#define LIBSSH2_3DES 1 + +#define LIBSSH2_RSA 1 +#define LIBSSH2_DSA 1 + +#define MD5_DIGEST_LENGTH 16 +#define SHA_DIGEST_LENGTH 20 + + +/*******************************************************************/ +/* + * Windows CNG backend: Global context handles + */ + +struct _libssh2_wincng_ctx { + BCRYPT_ALG_HANDLE hAlgRNG; + BCRYPT_ALG_HANDLE hAlgHashMD5; + BCRYPT_ALG_HANDLE hAlgHashSHA1; + BCRYPT_ALG_HANDLE hAlgHmacMD5; + BCRYPT_ALG_HANDLE hAlgHmacSHA1; + BCRYPT_ALG_HANDLE hAlgRSA; + BCRYPT_ALG_HANDLE hAlgDSA; + BCRYPT_ALG_HANDLE hAlgAES_CBC; + BCRYPT_ALG_HANDLE hAlgRC4_NA; + BCRYPT_ALG_HANDLE hAlg3DES_CBC; +}; + +struct _libssh2_wincng_ctx _libssh2_wincng; + + +/*******************************************************************/ +/* + * Windows CNG backend: Generic functions + */ + +void _libssh2_wincng_init(void); +void _libssh2_wincng_free(void); + +#define libssh2_crypto_init() \ + _libssh2_wincng_init() +#define libssh2_crypto_exit() \ + _libssh2_wincng_free() + +#define _libssh2_random(buf, len) \ + _libssh2_wincng_random(buf, len) + + +/*******************************************************************/ +/* + * Windows CNG backend: Hash structure + */ + +struct _libssh2_wincng_hash_ctx { + BCRYPT_HASH_HANDLE hHash; + unsigned char *pbHashObject; + unsigned long dwHashObject; + unsigned long cbHash; +}; + +#define _libssh2_wincng_hash_ctx struct _libssh2_wincng_hash_ctx + +/* + * Windows CNG backend: Hash functions + */ + +#define libssh2_sha1_ctx _libssh2_wincng_hash_ctx +#define libssh2_sha1_init(ctx) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA1, \ + SHA_DIGEST_LENGTH, NULL, 0) +#define libssh2_sha1_update(ctx, data, datalen) \ + _libssh2_wincng_hash_update(&ctx, data, datalen) +#define libssh2_sha1_final(ctx, hash) \ + _libssh2_wincng_hash_final(&ctx, hash) +#define libssh2_sha1(data, datalen, hash) \ + _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA1, \ + hash, SHA_DIGEST_LENGTH) + +#define libssh2_md5_ctx _libssh2_wincng_hash_ctx +#define libssh2_md5_init(ctx) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashMD5, \ + MD5_DIGEST_LENGTH, NULL, 0) +#define libssh2_md5_update(ctx, data, datalen) \ + _libssh2_wincng_hash_update(&ctx, data, datalen) +#define libssh2_md5_final(ctx, hash) \ + _libssh2_wincng_hash_final(&ctx, hash) +#define libssh2_md5(data, datalen, hash) \ + _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashMD5, \ + hash, MD5_DIGEST_LENGTH) + +/* + * Windows CNG backend: HMAC functions + */ + +#define libssh2_hmac_ctx _libssh2_wincng_hash_ctx +#define libssh2_hmac_sha1_init(ctx, key, keylen) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacSHA1, \ + SHA_DIGEST_LENGTH, key, keylen) +#define libssh2_hmac_md5_init(ctx, key, keylen) \ + _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacMD5, \ + MD5_DIGEST_LENGTH, key, keylen) +#define libssh2_hmac_ripemd160_init(ctx, key, keylen) + /* not implemented */ +#define libssh2_hmac_update(ctx, data, datalen) \ + _libssh2_wincng_hash_update(&ctx, data, datalen) +#define libssh2_hmac_final(ctx, hash) \ + _libssh2_wincng_hmac_final(&ctx, hash) +#define libssh2_hmac_cleanup(ctx) \ + _libssh2_wincng_hmac_cleanup(ctx) + + +/*******************************************************************/ +/* + * Windows CNG backend: Key Context structure + */ + +struct _libssh2_wincng_key_ctx { + BCRYPT_KEY_HANDLE hKey; + unsigned char *pbKeyObject; + unsigned long cbKeyObject; +}; + +#define _libssh2_wincng_key_ctx struct _libssh2_wincng_key_ctx + +/* + * Windows CNG backend: RSA functions + */ + +#define libssh2_rsa_ctx _libssh2_wincng_key_ctx +#define _libssh2_rsa_new(rsactx, e, e_len, n, n_len, \ + d, d_len, p, p_len, q, q_len, \ + e1, e1_len, e2, e2_len, c, c_len) \ + _libssh2_wincng_rsa_new(rsactx, e, e_len, n, n_len, \ + d, d_len, p, p_len, q, q_len, \ + e1, e1_len, e2, e2_len, c, c_len) +#define _libssh2_rsa_new_private(rsactx, s, filename, passphrase) \ + _libssh2_wincng_rsa_new_private(rsactx, s, filename, passphrase) +#define _libssh2_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) \ + _libssh2_wincng_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) +#define _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) \ + _libssh2_wincng_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) +#define _libssh2_rsa_free(rsactx) \ + _libssh2_wincng_rsa_free(rsactx) + +/* + * Windows CNG backend: DSA functions + */ + +#define libssh2_dsa_ctx _libssh2_wincng_key_ctx +#define _libssh2_dsa_new(dsactx, p, p_len, q, q_len, \ + g, g_len, y, y_len, x, x_len) \ + _libssh2_wincng_dsa_new(dsactx, p, p_len, q, q_len, \ + g, g_len, y, y_len, x, x_len) +#define _libssh2_dsa_new_private(rsactx, s, filename, passphrase) \ + _libssh2_wincng_dsa_new_private(rsactx, s, filename, passphrase) +#define _libssh2_dsa_sha1_sign(dsactx, hash, hash_len, sig) \ + _libssh2_wincng_dsa_sha1_sign(dsactx, hash, hash_len, sig) +#define _libssh2_dsa_sha1_verify(dsactx, sig, m, m_len) \ + _libssh2_wincng_dsa_sha1_verify(dsactx, sig, m, m_len) +#define _libssh2_dsa_free(dsactx) \ + _libssh2_wincng_dsa_free(dsactx) + +/* + * Windows CNG backend: Key functions + */ + +#define _libssh2_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) \ + _libssh2_wincng_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) + + +/*******************************************************************/ +/* + * Windows CNG backend: Cipher Context structure + */ + +struct _libssh2_wincng_cipher_ctx { + BCRYPT_KEY_HANDLE hKey; + unsigned char *pbKeyObject; + unsigned char *pbIV; + unsigned long dwKeyObject; + unsigned long dwIV; + unsigned long dwBlockLength; +}; + +#define _libssh2_cipher_ctx struct _libssh2_wincng_cipher_ctx + +/* + * Windows CNG backend: Cipher Type structure + */ + +struct _libssh2_wincng_cipher_type { + BCRYPT_ALG_HANDLE *phAlg; + unsigned long dwKeyLength; + unsigned long dwUseIV; +}; + +#define _libssh2_cipher_type(type) struct _libssh2_wincng_cipher_type type + +#define _libssh2_cipher_aes256ctr { NULL, 32, 1 } /* not supported */ +#define _libssh2_cipher_aes192ctr { NULL, 24, 1 } /* not supported */ +#define _libssh2_cipher_aes128ctr { NULL, 16, 1 } /* not supported */ +#define _libssh2_cipher_aes256 { &_libssh2_wincng.hAlgAES_CBC, 32, 1 } +#define _libssh2_cipher_aes192 { &_libssh2_wincng.hAlgAES_CBC, 24, 1 } +#define _libssh2_cipher_aes128 { &_libssh2_wincng.hAlgAES_CBC, 16, 1 } +#define _libssh2_cipher_blowfish { NULL, 16, 0 } /* not supported */ +#define _libssh2_cipher_arcfour { &_libssh2_wincng.hAlgRC4_NA, 16, 0 } +#define _libssh2_cipher_cast5 { NULL, 16, 0 } /* not supported */ +#define _libssh2_cipher_3des { &_libssh2_wincng.hAlg3DES_CBC, 24, 1 } + +/* + * Windows CNG backend: Cipher functions + */ + +#define _libssh2_cipher_init(ctx, type, iv, secret, encrypt) \ + _libssh2_wincng_cipher_init(ctx, type, iv, secret, encrypt) +#define _libssh2_cipher_crypt(ctx, type, encrypt, block, blocklen) \ + _libssh2_wincng_cipher_crypt(ctx, type, encrypt, block, blocklen) +#define _libssh2_cipher_dtor(ctx) \ + _libssh2_wincng_cipher_dtor(ctx) + +/*******************************************************************/ +/* + * Windows CNG backend: BigNumber Context + */ + +#define _libssh2_bn_ctx int /* not used */ +#define _libssh2_bn_ctx_new() 0 /* not used */ +#define _libssh2_bn_ctx_free(bnctx) ((void)0) /* not used */ + + +/*******************************************************************/ +/* + * Windows CNG backend: BigNumber structure + */ + +struct _libssh2_wincng_bignum { + unsigned char *bignum; + unsigned long length; +}; + +#define _libssh2_bn struct _libssh2_wincng_bignum + +/* + * Windows CNG backend: BigNumber functions + */ + +_libssh2_bn *_libssh2_wincng_bignum_init(void); + +#define _libssh2_bn_init() \ + _libssh2_wincng_bignum_init() +#define _libssh2_bn_rand(bn, bits, top, bottom) \ + _libssh2_wincng_bignum_rand(bn, bits, top, bottom) +#define _libssh2_bn_mod_exp(r, a, p, m, ctx) \ + _libssh2_wincng_bignum_mod_exp(r, a, p, m, ctx) +#define _libssh2_bn_set_word(bn, word) \ + _libssh2_wincng_bignum_set_word(bn, word) +#define _libssh2_bn_from_bin(bn, len, bin) \ + _libssh2_wincng_bignum_from_bin(bn, len, bin) +#define _libssh2_bn_to_bin(bn, bin) \ + _libssh2_wincng_bignum_to_bin(bn, bin) +#define _libssh2_bn_bytes(bn) bn->length +#define _libssh2_bn_bits(bn) \ + _libssh2_wincng_bignum_bits(bn) +#define _libssh2_bn_free(bn) \ + _libssh2_wincng_bignum_free(bn) -- 1.8.1.msysgit.1 --------------020501080002050005000506 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --------------020501080002050005000506-- From libssh2-devel-bounces@cool.haxx.se Sun Mar 16 17:06:32 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2GG67q7023764; Sun, 16 Mar 2014 17:06:28 +0100 Received: from foo.stuge.se (qmailr@foo.stuge.se [212.116.89.98]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2GG66oQ023758 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 16 Mar 2014 17:06:06 +0100 Received: (qmail 20889 invoked by uid 501); 16 Mar 2014 16:06:06 -0000 Message-ID: <20140316160606.20888.qmail@stuge.se> Date: Sun, 16 Mar 2014 17:06:06 +0100 From: Peter Stuge To: libssh2-devel@cool.haxx.se Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend Mail-Followup-To: libssh2-devel@cool.haxx.se References: <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de>

<532217AD.4060203@marc-hoersken.de>

<5324FFE3.40106@marc-hoersken.de> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <5324FFE3.40106@marc-hoersken.de> X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Marc Hoersken wrote: > Attached is the latest patch created from my wincng-rc4 branch > From bafb8a9b32dbd14319f1310054297b453a9697d7 Mon Sep 17 00:00:00 2001 > From: Marc Hoersken > Date: Sun, 16 Mar 2014 02:00:17 +0100 > Subject: [PATCH] Added Windows Cryptography API: Next Generation based backend I've just pushed this to libssh2.git - finally it's in! Thank you so very much Marc for adding the WinCNG backend and for helping sort out all the issues with the crypto abstraction! //Peter _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 16 19:41:20 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2GIf0iI010597; Sun, 16 Mar 2014 19:41:17 +0100 Received: from mx.uxnr.de (mx.uxnr.de [89.238.84.47]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2GIexCH010522 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 16 Mar 2014 19:40:59 +0100 Received: from [10.2.1.152] (MH02.ma01.uxnr.net [10.2.1.152]) by mx.uxnr.de (Postfix) with ESMTPSA id ECDB5377BDD for ; Sun, 16 Mar 2014 19:40:56 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de ECDB5377BDD DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394995257; bh=eJ7qSQYGYxFqCuhEa0BhmatN1Y1tIaKIqDtY2K4Oiho=; h=Date:From:To:Subject:From; b=JR5srIcnasqqFhT817CEY88AZbFCJhMXPpAu6bTXVhU+Dltkt64P+8yeT5md6nifN a+AtDa7JLoxgZ/1fxZ+lh6tdcGIibIMGLhTA5WjsW5HSCe6Twce5+8mIrglwK8Rr5Q DPgaJJGM447D5nlDR3GtyvG83PWikqowBVcJwgrg= Message-ID: <5325F033.7080805@marc-hoersken.de> Date: Sun, 16 Mar 2014 19:40:51 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2 development Subject: [PATCH] configure: Display individual crypto backends on separate X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------000502050202060407040707" X-Spam-Status: No, score=0.7 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,URIBL_BLACK autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --------------000502050202060407040707 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit --------------000502050202060407040707 Content-Type: text/plain; charset=windows-1252; name="0001-configure-Display-individual-crypto-backends-on-sepa.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-configure-Display-individual-crypto-backends-on-sepa.pa"; filename*1="tch" From 63512331bc4ed2da239211ccd444689688616722 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sun, 16 Mar 2014 19:39:41 +0100 Subject: [PATCH] configure: Display individual crypto backends on separate lines This avoids line-wrapping in between parameters and makes the error message look like the following: configure: error: No crypto library found! Try --with-libssl-prefix=PATH or --with-libgcrypt-prefix=PATH or --with-wincng on Windows --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 8e52687..ba4dd7a 100644 --- a/configure.ac +++ b/configure.ac @@ -156,8 +156,8 @@ AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes") # Check if crypto library was found if test "$found_crypto" = "none"; then AC_MSG_ERROR([No crypto library found! -Try --with-libssl-prefix=PATH\ - or --with-libgcrypt-prefix=PATH\ +Try --with-libssl-prefix=PATH + or --with-libgcrypt-prefix=PATH or --with-wincng on Windows\ ]) fi -- 1.8.1.msysgit.1 --------------000502050202060407040707 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --------------000502050202060407040707-- From libssh2-devel-bounces@cool.haxx.se Sun Mar 16 20:05:52 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2GJ5jHq007893; Sun, 16 Mar 2014 20:05:50 +0100 Received: from mx.uxnr.de (mx.uxnr.de [89.238.84.47]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2GJ5ixC007829 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 16 Mar 2014 20:05:44 +0100 Received: from [10.2.1.152] (MH02.ma01.uxnr.net [10.2.1.152]) by mx.uxnr.de (Postfix) with ESMTPSA id C2F4C377BDD for ; Sun, 16 Mar 2014 20:05:39 +0100 (CET) X-DKIM: OpenDKIM Filter v2.6.8 mx.uxnr.de C2F4C377BDD DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=marc-hoersken.de; s=picard; t=1394996740; bh=FQYWbRRJ2RnDU4u1D92Sy/wMe1Hzcb1IDadHPhcLKts=; h=Date:From:To:Subject:From; b=vvYmYjvVkJShixbAwnVrdTVevGn7mZBXewmYArfGHmDkQMjiP88P0pJS/V87tY1Ik OaqvSVnx+EpcPq8dd87vhV9gBd7dc5ZgyePtp3bfWMKSvb0diI1iit441V8vS6n5Xl xDld3YzzZjk5GTRISR3k9Z7UG63spkNlL8cE2S/Q= Message-ID: <5325F5FF.2060703@marc-hoersken.de> Date: Sun, 16 Mar 2014 20:05:35 +0100 From: Marc Hoersken User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libssh2 development Subject: [PATCH] wincng: Added explicit memory overwrite feature to WinCNG, backend X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------040803090305010409090603" X-Spam-Status: No, score=0.7 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,URIBL_BLACK autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on picard.vpn.uxnr.de X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --------------040803090305010409090603 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Hello everyone, this feature was originally part of the WinCNG crypto backend, but was dropped in order to get the backend merge-ready on its own. Now that the WinCNG backend has been merged, I think that the feature is open for discussion and improvement. Attached you will find a slightly modified version of the initial feature that matches the current WinCNG backend. Best regards, Marc --------------040803090305010409090603 Content-Type: text/plain; charset=windows-1252; name="0001-wincng-Added-explicit-memory-overwrite-feature-to-Wi.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-wincng-Added-explicit-memory-overwrite-feature-to-Wi.pa"; filename*1="tch" From abd5177ec1c1bb05c77bc6c6eb1a0d6bb61334f4 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Sun, 16 Mar 2014 20:02:17 +0100 Subject: [PATCH] wincng: Added explicit memory overwrite feature to WinCNG backend This re-introduces the original feature proposed during the development of the WinCNG crypto backend. It still needs to be added to libssh2 itself and probably other backends. --- configure.ac | 7 +++ src/wincng.c | 174 +++++++++++++++++++++++++++++++++-------------------------- 2 files changed, 106 insertions(+), 75 deletions(-) diff --git a/configure.ac b/configure.ac index 8e52687..c0a9b91 100644 --- a/configure.ac +++ b/configure.ac @@ -197,6 +197,13 @@ if test "$GEX_NEW" != "no"; then AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax]) fi +AC_ARG_ENABLE(memory-overwrite, + AC_HELP_STRING([--disable-memory-overwrite],[Disable memory overwrite before being freed]), + [MEMORY_OVERWRITE=$enableval]) +if test "$MEMORY_OVERWRITE" != "no"; then + AC_DEFINE(LIBSSH2_MEMORY_OVERWRITE, 1, [Enable memory overwrite before being freed]) +fi + dnl ************************************************************ dnl option to switch on compiler debug options dnl diff --git a/src/wincng.c b/src/wincng.c index 398fe89..6493f06 100644 --- a/src/wincng.c +++ b/src/wincng.c @@ -255,6 +255,22 @@ _libssh2_wincng_random(void *buf, int len) == STATUS_SUCCESS ? 0 : -1; } +static void +_libssh2_wincng_mfree(void *buf, int len) +{ + if (!buf) + return; + +#ifdef LIBSSH2_MEMORY_OVERWRITE + if (len > 0) + _libssh2_wincng_random(buf, len); +#else + (void)len; +#endif + + free(buf); +} + /*******************************************************************/ /* @@ -297,7 +313,7 @@ _libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx, pbHashObject, dwHashObject, key, keylen, 0); if (ret != STATUS_SUCCESS) { - free(pbHashObject); + _libssh2_wincng_mfree(pbHashObject, dwHashObject); return -1; } @@ -327,11 +343,9 @@ _libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx, ret = BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0); BCryptDestroyHash(ctx->hHash); + ctx->hHash = 0; - if (ctx->pbHashObject) - free(ctx->pbHashObject); - - memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx)); + _libssh2_wincng_mfree(ctx->pbHashObject, ctx->dwHashObject); return ret; } @@ -372,11 +386,9 @@ void _libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx) { BCryptDestroyHash(ctx->hHash); + ctx->hHash = 0; - if (ctx->pbHashObject) - free(ctx->pbHashObject); - - memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx)); + _libssh2_wincng_mfree(ctx->pbHashObject, ctx->dwHashObject); } @@ -418,17 +430,17 @@ _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx, _libssh2_wincng.hAlgHashSHA1, hash, hashlen); - free(data); + _libssh2_wincng_mfree(data, datalen); if (ret) { - free(hash); + _libssh2_wincng_mfree(hash, hashlen); return -1; } datalen = sig_len; data = malloc(datalen); if (!data) { - free(hash); + _libssh2_wincng_mfree(hash, hashlen); return -1; } @@ -442,8 +454,8 @@ _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx, ret = BCryptVerifySignature(ctx->hKey, pPaddingInfo, hash, hashlen, data, datalen, flags); - free(hash); - free(data); + _libssh2_wincng_mfree(hash, hashlen); + _libssh2_wincng_mfree(data, datalen); return ret == STATUS_SUCCESS ? 0 : -1; } @@ -535,7 +547,7 @@ _libssh2_wincng_asn_decode(unsigned char *pbEncoded, pbEncoded, cbEncoded, 0, NULL, pbDecoded, &cbDecoded); if (!ret) { - free(pbDecoded); + _libssh2_wincng_mfree(pbDecoded, cbDecoded); return -1; } @@ -605,7 +617,7 @@ _libssh2_wincng_asn_decode_bn(unsigned char *pbEncoded, *ppbDecoded = pbDecoded; *pcbDecoded = cbDecoded; } - free(pbInteger); + _libssh2_wincng_mfree(pbInteger, cbInteger); } return ret; @@ -645,12 +657,9 @@ _libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded, } if (ret) { - for (length = 0; length < index; length++) { - if (rpbDecoded[length]) { - free(rpbDecoded[length]); - rpbDecoded[length] = NULL; - } - } + for (length = 0; length < index; length++) + _libssh2_wincng_mfree(rpbDecoded[length], + rcbDecoded[length]); } else { *prpbDecoded = rpbDecoded; *prcbDecoded = rcbDecoded; @@ -665,7 +674,7 @@ _libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded, ret = -1; } - free(pbDecoded); + _libssh2_wincng_mfree(pbDecoded, cbDecoded); } return ret; @@ -811,7 +820,7 @@ _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa, ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, lpszBlobType, &hKey, key, keylen, 0); if (ret != STATUS_SUCCESS) { - free(key); + _libssh2_wincng_mfree(key, keylen); return -1; } @@ -819,7 +828,7 @@ _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa, *rsa = malloc(sizeof(libssh2_rsa_ctx)); if (!(*rsa)) { BCryptDestroyKey(hKey); - free(key); + _libssh2_wincng_mfree(key, keylen); return -1; } @@ -855,7 +864,7 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa, PKCS_RSA_PRIVATE_KEY, &pbStructInfo, &cbStructInfo); - free(pbEncoded); + _libssh2_wincng_mfree(pbEncoded, cbEncoded); if (ret) { return -1; @@ -866,7 +875,7 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa, LEGACY_RSAPRIVATE_BLOB, &hKey, pbStructInfo, cbStructInfo, 0); if (ret != STATUS_SUCCESS) { - free(pbStructInfo); + _libssh2_wincng_mfree(pbStructInfo, cbStructInfo); return -1; } @@ -874,7 +883,7 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa, *rsa = malloc(sizeof(libssh2_rsa_ctx)); if (!(*rsa)) { BCryptDestroyKey(hKey); - free(pbStructInfo); + _libssh2_wincng_mfree(pbStructInfo, cbStructInfo); return -1; } @@ -948,7 +957,7 @@ _libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session, ret = STATUS_NO_MEMORY; } - free(data); + _libssh2_wincng_mfree(data, datalen); return ret == STATUS_SUCCESS ? 0 : -1; } @@ -956,16 +965,10 @@ _libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session, void _libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa) { - if (!rsa) - return; - BCryptDestroyKey(rsa->hKey); - if (rsa->pbKeyObject) - free(rsa->pbKeyObject); - - memset(rsa, 0, sizeof(libssh2_rsa_ctx)); - free(rsa); + _libssh2_wincng_mfree(rsa->pbKeyObject, rsa->cbKeyObject); + _libssh2_wincng_mfree(rsa, sizeof(libssh2_rsa_ctx)); } @@ -1059,7 +1062,7 @@ _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa, ret = BCryptImportKeyPair(_libssh2_wincng.hAlgDSA, NULL, lpszBlobType, &hKey, key, keylen, 0); if (ret != STATUS_SUCCESS) { - free(key); + _libssh2_wincng_mfree(key, keylen); return -1; } @@ -1067,7 +1070,7 @@ _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa, *dsa = malloc(sizeof(libssh2_dsa_ctx)); if (!(*dsa)) { BCryptDestroyKey(hKey); - free(key); + _libssh2_wincng_mfree(key, keylen); return -1; } @@ -1101,7 +1104,7 @@ _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa, ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded, &rpbDecoded, &rcbDecoded, &length); - free(pbEncoded); + _libssh2_wincng_mfree(pbEncoded, cbEncoded); if (ret) { return -1; @@ -1119,12 +1122,8 @@ _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa, ret = -1; } - for (index = 0; index < length; index++) { - if (rpbDecoded[index]) { - free(rpbDecoded[index]); - rpbDecoded[index] = NULL; - } - } + for (index = 0; index < length; index++) + _libssh2_wincng_mfree(rpbDecoded[index], rcbDecoded[index]); free(rpbDecoded); free(rcbDecoded); @@ -1181,14 +1180,14 @@ _libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa, memcpy(sig_fixed, sig, siglen); } - free(sig); + _libssh2_wincng_mfree(sig, siglen); } else ret = STATUS_NO_MEMORY; } else ret = STATUS_NO_MEMORY; } - free(data); + _libssh2_wincng_mfree(data, datalen); return ret == STATUS_SUCCESS ? 0 : -1; } @@ -1196,16 +1195,10 @@ _libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa, void _libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa) { - if (!dsa) - return; - BCryptDestroyKey(dsa->hKey); - if (dsa->pbKeyObject) - free(dsa->pbKeyObject); - - memset(dsa, 0, sizeof(libssh2_dsa_ctx)); - free(dsa); + _libssh2_wincng_mfree(dsa->pbKeyObject, dsa->cbKeyObject); + _libssh2_wincng_mfree(dsa, sizeof(libssh2_dsa_ctx)); } #endif @@ -1255,7 +1248,7 @@ _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session, ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded, &rpbDecoded, &rcbDecoded, &length); - free(pbEncoded); + _libssh2_wincng_mfree(pbEncoded, cbEncoded); if (ret) { return -1; @@ -1327,12 +1320,8 @@ _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session, } - for (index = 0; index < length; index++) { - if (rpbDecoded[index]) { - free(rpbDecoded[index]); - rpbDecoded[index] = NULL; - } - } + for (index = 0; index < length; index++) + _libssh2_wincng_mfree(rpbDecoded[index], rcbDecoded[index]); free(rpbDecoded); free(rcbDecoded); @@ -1427,10 +1416,10 @@ _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx, ret = BCryptImportKey(*type.phAlg, NULL, BCRYPT_KEY_DATA_BLOB, &hKey, pbKeyObject, dwKeyObject, key, keylen, 0); - free(key); + _libssh2_wincng_mfree(key, keylen); if (ret != STATUS_SUCCESS) { - free(pbKeyObject); + _libssh2_wincng_mfree(pbKeyObject, dwKeyObject); return -1; } @@ -1438,7 +1427,7 @@ _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx, pbIV = malloc(dwBlockLength); if (!pbIV) { BCryptDestroyKey(hKey); - free(pbKeyObject); + _libssh2_wincng_mfree(pbKeyObject, dwKeyObject); return -1; } dwIV = dwBlockLength; @@ -1497,7 +1486,7 @@ _libssh2_wincng_cipher_crypt(_libssh2_cipher_ctx *ctx, memcpy(block, pbOutput, cbOutput); } - free(pbOutput); + _libssh2_wincng_mfree(pbOutput, cbOutput); } else ret = STATUS_NO_MEMORY; } @@ -1510,12 +1499,11 @@ _libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx) { BCryptDestroyKey(ctx->hKey); - if (ctx->pbKeyObject) { - free(ctx->pbKeyObject); - ctx->pbKeyObject = NULL; - } + _libssh2_wincng_mfree(ctx->pbKeyObject, ctx->dwKeyObject); - memset(ctx, 0, sizeof(_libssh2_cipher_ctx)); +#ifdef LIBSSH2_MEMORY_OVERWRITE + _libssh2_wincng_random(ctx, sizeof(_libssh2_cipher_ctx)); +#endif } @@ -1547,12 +1535,36 @@ _libssh2_wincng_bignum_resize(_libssh2_bn *bn, unsigned long length) if (length == bn->length) return 0; +#ifdef LIBSSH2_MEMORY_OVERWRITE + if (length == 0 && bn->bignum && bn->length > 0) { + _libssh2_wincng_mfree(bn->bignum, bn->length); + + bn->bignum = NULL; + bn->length = 0; + + return 0; + } + + bignum = malloc(length); + if (!bignum) + return -1; + + if (bn->bignum) { + memcpy(bignum, bn->bignum, min(length, bn->length)); + + _libssh2_wincng_mfree(bn->bignum, bn->length); + } + + bn->bignum = bignum; + bn->length = length; +#else bignum = realloc(bn->bignum, length); if (!bignum) return -1; bn->bignum = bignum; bn->length = length; +#endif return 0; } @@ -1654,7 +1666,7 @@ _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r, r->bignum, r->length, &offset, BCRYPT_PAD_NONE); - free(bignum); + _libssh2_wincng_mfree(bignum, length); if (ret == STATUS_SUCCESS) { _libssh2_wincng_bignum_resize(r, offset); @@ -1668,7 +1680,7 @@ _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r, BCryptDestroyKey(hKey); } - free(key); + _libssh2_wincng_mfree(key, keylen); return ret == STATUS_SUCCESS ? 0 : -1; } @@ -1738,6 +1750,17 @@ _libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len, offset = bn->length - length; if (offset > 0) { +#ifdef LIBSSH2_MEMORY_OVERWRITE + bignum = malloc(length); + if (bignum) { + memcpy(bignum, bn->bignum + offset, length); + + _libssh2_wincng_mfree(bn->bignum, bn->length); + + bn->bignum = bignum; + bn->length = length; + } +#else memmove(bn->bignum, bn->bignum + offset, length); bignum = realloc(bn->bignum, length); @@ -1745,6 +1768,7 @@ _libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len, bn->bignum = bignum; bn->length = length; } +#endif } } } @@ -1763,7 +1787,7 @@ _libssh2_wincng_bignum_free(_libssh2_bn *bn) { if (bn) { if (bn->bignum) { - free(bn->bignum); + _libssh2_wincng_mfree(bn->bignum, bn->length); bn->bignum = NULL; } bn->length = 0; -- 1.8.1.msysgit.1 --------------040803090305010409090603 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel --------------040803090305010409090603-- From libssh2-devel-bounces@cool.haxx.se Mon Mar 17 16:50:33 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2HFo6Xe016933; Mon, 17 Mar 2014 16:50:29 +0100 Received: from bay0-omc4-s6.bay0.hotmail.com (bay0-omc4-s6.bay0.hotmail.com [65.54.190.208]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2HFo4sN016344 for ; Mon, 17 Mar 2014 16:50:04 +0100 Received: from BAY407-EAS282 ([65.54.190.200]) by bay0-omc4-s6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 17 Mar 2014 08:49:59 -0700 X-TMN: [rbBqPb4UOS9Nspx3CY55aOJOFUBBZ1sk] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: "'libssh2 development'" References: In-Reply-To: Subject: RE: SFTP read problems Date: Mon, 17 Mar 2014 11:49:57 -0400 MIME-Version: 1.0 X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQABAgMEXC+3KMz7h9TL5m2nWwj6OgD9U0lcAKgDdH6edMGCwA== Content-Language: en-us X-OriginalArrivalTime: 17 Mar 2014 15:49:59.0076 (UTC) FILETIME=[8D06C640:01CF41F8] X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.16 Precedence: list Reply-To: libssh2 development List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" I've tested this on a different SFTP server and the problem doesn't exist. It appears that the SFTP server our company is using has this bug. Thanks for your help, Bob -----Original Message----- From: libssh2-devel [mailto:libssh2-devel-bounces@cool.haxx.se] On Behalf Of Daniel Stenberg Sent: Wednesday, March 12, 2014 3:42 PM To: libssh2 development Subject: Re: SFTP read problems On Sat, 8 Mar 2014, Bob Kast wrote: > When doing a read a file that is about 12k, it fails partway through > with LIBSSH2_ERROR_SFTP_PROTOCOL. In looking closer, it is at this > point in > sftp.c: > > if(rc32 > chunk->len) { > /* A chunk larger than we requested was returned to us. > This is a protocol violation and we don't know how to > deal with it. Bail out! */ > return _libssh2_error(session, > LIBSSH2_ERROR_SFTP_PROTOCOL, > "FXP_READ response too big"); > } > > My code requests a block of 4096. It multiplies that by 4 (16,384), > then it starts doing packets requesting 2000 characters. After it's > done 8 of these, the 'count' goes down to 384, which is what > chunk->len is set to above. rc32 is set to 2000 so it fails. I assume you're trying with the latest libssh2 version? > I've found if I have the requested buffer at exactly a multiple of > 2000, it seems to work, although I'm somewhat nervous about it working for all cases. > > Is this expected? It is not documented. It is not expected. The check above is there to detect the error situation when a server returns a bigger chunk than what we asked for. libssh2 splits up data sizes into smaller chunks and ask for them one by one, so chunk->len is supposed to be the size of the chunk it asked for. -- / daniel.haxx.se _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Mon Mar 17 17:42:46 2014 Return-Path: Received: from www.haxx.se (list@localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2HGgb1J003861; Mon, 17 Mar 2014 17:42:44 +0100 Received: from bay0-omc4-s19.bay0.hotmail.com (bay0-omc4-s19.bay0.hotmail.com [65.54.190.221]) by giant.haxx.se (8.14.4/8.14.4/Debian-4.1) with ESMTP id s2HGgY2R003778 for ; Mon, 17 Mar 2014 17:42:35 +0100 Received: from BAY407-EAS333 ([65.54.190.199]) by bay0-omc4-s19.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 17 Mar 2014 09:42:30 -0700 X-TMN: [oz9xMK3NFFCsRlBGKaVP9wV/VTy2wPU7] X-Originating-Email: [bob_2824@hotmail.com] Message-ID: From: Bob Kast To: "'libssh2 development'" References: <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20130922151824.23037.qmail@stuge.se> <20130601231229.11420.qmail@stuge.se> <20130602175922.5525.qmail@stuge.se> <523EA678.8010707@marc-hoersken.de> <20131113020632.28469.qmail@stuge.se> <52895481.30407@marc-hoersken.de> <531B1EDD.4050804@marc-hoersken.de>