Hi all,

I'm doing some work on the library and for now I have the attached
three small patches for the AES part of crypt.c.

In a later patch I'll add a common CTR mode, so that backends only
need to provide CBC. I see some work in this direction already.

I'm working on my axTLS branch, it isn't done yet, but it does work.


I am thinking of adding some basic algorithm code to libssh2 itself, to
enable a build without any dependencies at all. (At the cost of a reduced
algorithm set; only MD5, SHA1, SHA2, AES, RSA, DH, maybe ChaCha later.)

It would not be high performance, but high convenience. What do you think?


//Peter
From ea7b900e2b803624de93e669de12a5a56fd993f6 Mon Sep 17 00:00:00 2001
From: Peter Stuge <pe...@stuge.se>
Date: Sun, 15 Apr 2018 01:49:42 +0200
Subject: [PATCH 1/3] src/crypt.c: Make AES-192 optional for crypto backends

---
 src/crypt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/crypt.c b/src/crypt.c
index 4beb0aa..c505b9f 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -131,6 +131,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = {
     _libssh2_cipher_aes128ctr
 };
 
+#ifdef _libssh2_cipher_aes192ctr
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = {
     "aes192-ctr",
     "",
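Review bot: The `#ifdef _libssh2_cipher_aes192ctr` guard added here, and `#ifdef _libssh2_cipher_aes192` in the aes192-cbc hunk, only works if every backend exposes the cipher as a preprocessor macro, which this patch does not show. A backend that provides it as a function, enum value or variable would lose AES-192 silently. A comment above the guard would make that contract explicit, for example `/* Backends without AES-192 leave _libssh2_cipher_aes192ctr undefined */`. The closing `#endif` could also carry `/* _libssh2_cipher_aes192ctr */`, matching the `#endif /* LIBSSH2_AES */` style used elsewhere in the file. The guarded definition opens in this hunk and is closed in the next one.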
@@ -143,6 +144,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = {
     &crypt_dtor,
     _libssh2_cipher_aes192ctr
 };
+#endif
 
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = {
     "aes256-ctr",
@@ -172,6 +174,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
     _libssh2_cipher_aes128
 };
 
+#ifdef _libssh2_cipher_aes192
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = {
     "aes192-cbc",
     "DEK-Info: AES-192-CBC",
@@ -184,6 +187,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = {
     &crypt_dtor,
     _libssh2_cipher_aes192
 };
+#endif
 
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_cbc = {
     "aes256-cbc",
@@ -313,13 +317,17 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
 #if LIBSSH2_AES_CTR
   &libssh2_crypt_method_aes128_ctr,
+#ifdef libssh2_crypt_method_aes192_ctr
   &libssh2_crypt_method_aes192_ctr,
+#endif
   &libssh2_crypt_method_aes256_ctr,
 #endif /* LIBSSH2_AES */
 #if LIBSSH2_AES
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
+#ifdef libssh2_crypt_method_aes192_cbc
     &libssh2_crypt_method_aes192_cbc,
+#endif
     &libssh2_crypt_method_aes128_cbc,
 #endif /* LIBSSH2_AES */
 #if LIBSSH2_BLOWFISH
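Review bot: `#ifdef libssh2_crypt_method_aes192_ctr` and `#ifdef libssh2_crypt_method_aes192_cbc` test the names of `static const` objects, which are never preprocessor macros, so both conditions are always false. As a result aes192-ctr and aes192-cbc are dropped from `_libssh2_crypt_methods` for every backend, including those that do provide AES-192. Reuse the macros that guard the definitions instead: `#ifdef _libssh2_cipher_aes192ctr` and `#ifdef _libssh2_cipher_aes192`. The same pattern is carried into patches 2/3 and 3/3, where it is applied to all six AES entries. The array initializer continues past the end of this hunk.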
-- 
From a6d99abf87ddc7f166d16dc089e825ad1451f197 Mon Sep 17 00:00:00 2001
From: Peter Stuge <pe...@stuge.se>
Date: Sun, 15 Apr 2018 01:54:43 +0200
Subject: [PATCH 2/3] src/crypt.c: List AES algorithms individually in
 _libssh2_crypt_methods

This makes it easy to reorder the list later.
---
 src/crypt.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c
index c505b9f..4da76be 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -315,21 +315,25 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 #endif
 
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
-#if LIBSSH2_AES_CTR
+#ifdef libssh2_crypt_method_aes128_ctr
   &libssh2_crypt_method_aes128_ctr,
+#endif
 #ifdef libssh2_crypt_method_aes192_ctr
   &libssh2_crypt_method_aes192_ctr,
 #endif
+#ifdef libssh2_crypt_method_aes256_ctr
   &libssh2_crypt_method_aes256_ctr,
-#endif /* LIBSSH2_AES */
-#if LIBSSH2_AES
+#endif
+#ifdef libssh2_crypt_method_aes256_cbc
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
+#endif
 #ifdef libssh2_crypt_method_aes192_cbc
     &libssh2_crypt_method_aes192_cbc,
 #endif
+#ifdef libssh2_crypt_method_aes128_cbc
     &libssh2_crypt_method_aes128_cbc,
-#endif /* LIBSSH2_AES */
+#endif
 #if LIBSSH2_BLOWFISH
     &libssh2_crypt_method_blowfish_cbc,
 #endif /* LIBSSH2_BLOWFISH */
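Review bot: Dropping `#if LIBSSH2_AES_CTR` and `#if LIBSSH2_AES` leaves the AES part of this list with no condition that is a real preprocessor macro. Every remaining `#ifdef libssh2_crypt_method_*` names a C object, so all AES entries and the rijndael alias compile out, and the first method left in the default list is the one that follows, `libssh2_crypt_method_blowfish_cbc` in the visible context. Keep the feature switches and add the per-cipher check only where a size is optional, e.g. `#if LIBSSH2_AES_CTR && defined(_libssh2_cipher_aes192ctr)`, with plain `#if LIBSSH2_AES_CTR` around the 128- and 256-bit entries. A test asserting that the default cipher list still contains `aes256-ctr` would catch this kind of silent downgrade. The initializer continues past the end of the hunk.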
-- 
From dd4bab122b41cab4e9a9a7980227014ea50216e7 Mon Sep 17 00:00:00 2001
From: Peter Stuge <pe...@stuge.se>
Date: Sun, 15 Apr 2018 01:57:21 +0200
Subject: [PATCH 3/3] src/crypt.c: Make AES algorithm list
 aes{256,192,128}-{ctr,cbc}

The new order prefers larger keys and CTR over CBC for each key size:

aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc

The order of the algorithm list determines the default KEX message.

The default KEX message can, as before, be overridden using:

libssh2_session_method_pref(..., LIBSSH2_METHOD_CRYPT_{CS,SC}, ...)
---
 src/crypt.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c
index 4da76be..9a4ccf4 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -315,12 +315,6 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 #endif
 
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
-#ifdef libssh2_crypt_method_aes128_ctr
-  &libssh2_crypt_method_aes128_ctr,
-#endif
-#ifdef libssh2_crypt_method_aes192_ctr
-  &libssh2_crypt_method_aes192_ctr,
-#endif
 #ifdef libssh2_crypt_method_aes256_ctr
   &libssh2_crypt_method_aes256_ctr,
 #endif
@@ -328,9 +322,15 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
 #endif
+#ifdef libssh2_crypt_method_aes192_ctr
+  &libssh2_crypt_method_aes192_ctr,
+#endif
 #ifdef libssh2_crypt_method_aes192_cbc
     &libssh2_crypt_method_aes192_cbc,
 #endif
+#ifdef libssh2_crypt_method_aes128_ctr
+  &libssh2_crypt_method_aes128_ctr,
+#endif
 #ifdef libssh2_crypt_method_aes128_cbc
     &libssh2_crypt_method_aes128_cbc,
 #endif
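Review bot: The new order places `aes256-cbc` and the rijndael alias ahead of `aes192-ctr` and `aes128-ctr`, so whenever this list decides the negotiation and the peer supports both modes, CBC is chosen over an available CTR cipher. CBC mode in SSH has a known plaintext-recovery weakness, which matters more than the gap between 128- and 256-bit AES keys. Since the commit message says list order determines the default KEX proposal, I would keep every CTR entry ahead of every CBC entry and sort by key size within each mode: aes256-ctr, aes192-ctr, aes128-ctr, then aes256-cbc, aes192-cbc, aes128-cbc. The initializer starts in the previous hunk and continues past the end of this one.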
-- 