Hello everyone,

Similar to the WinCNG crypto backend I’ve added support for using the OS X 
native crypto support as a libssh2 crypto backend.

https://github.com/keithduncan/libssh2

SHA1 and MD5 hashes
HMAC_SHA1 and HMAC_MD5 signatures

It supports both [RSA and DSA](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.h#L39-L40) asymmetric encryption.

Multiple RSA private key [formats](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L663-L668)
Multiple DSA private key [formats](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L1000-L1005).

Private -> Public key file [conversion](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.c#L1382).

[AES, Blowfish, RC4, CAST, 3DES](https://github.com/keithduncan/libssh2/blob/f58d7de73e379ff7ed5793d08de69be6858dc62c/src/securetransport.h#L51-L56) symmetric encryption.

CCCryptorRef claims to implement AES CTR mode but returns an unimplemented 
error at runtime.

It looks like Nick Zitzmann also started a similar project in 2012 but 
discovered that there’s no public BigNum API in OS X 
http://lists.apple.com/archives/apple-cdsa/2012/Aug/msg00009.html

I ran into the same issue but went ahead and used the private BigNum API he 
references. For this reason I’m not sure that this would be a good candidate 
for submitting upstream. Then again perhaps it could serve as a compelling 
reason for the API to be made public if it would enable OS X native SSH2 crypto.

I hope this is of interest, let me know if there’s any interest in a patch.

Cheers,
Keith

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
