Subject: Re: [PATCH] Added Windows Cryptography API: Next Generation backend

Re: [PATCH] Added Windows Cryptography API: Next Generation backend

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Thu, 13 Mar 2014 21:40:13 +0100

On 13.03.2014 15:18, Bob Kast wrote:
> Going through openssl.h to see what needed to be done, the hashes were
> pretty simple except that LIBSSH2_HMAC_RIPEMD is not supported by WinCNG.

Yes, that is true. There is currently no direct way to implement RIPEMD
using the CryptoAPI or WinCNG.

> Supporting encryption/signing was less clear to me.

RSA and DSA as well as AES, RC4 and 3DES are supported by WinCNG.

> The following are also not supported by WinCNG:
> LIBSSH2_AES_CTR
> LIBSSH2_BLOWFISH
> LIBSSH2_CAST

Yes, that is correct as well.

> Modes WinCNG supports for AES:
> - ECB
> - CBC
> - CFB
> - CCM
> - GCM

AES-CTR could probably be implemented on top of EBC, just like it's done
if OpenSSL was built without it.

> Not sure what _libssh2_bn would map to.

I found a way to use RSA encryption in order to implement the required
math functions (e.g. modular exponentiation) by using it with big
numbers stored as byte arrays.
This is also the reason why I had to use WinCNG instead of CryptoAPI,
since the later one is limited to a 4-byte exponent.
Please see my original mail for a longer explanation:
http://libssh2.org/mail/libssh2-devel-archive-2013-05/0011.shtml

> My purpose for using libssh2 is to implement SFTP. What does WinCNG need to
> provide in order for SFTP to be fully implemented?

I tested my implementation against an OpenSSH and Bitvise SSH Server
using the implemented algorithms and everything worked fine.
It seems like all required functionality is implemented.
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2014-03-13