
Examples Botan dh, pk verify and sign and en/decrypt.

Open stefbon opened this issue 4 years ago • 2 comments

Hi,

I'm working on a service for Linux which has to provide network services like sharing files via a central server using SSH and sftp through FUSE. Other things I want to add are: text and/or video chat through an ssh channel, backup and access to previous versions of a file via network/fuse, a central CA for large networks with a lot of clients, an api for applications to connect to a remote server using SSH (through connecting to OSNS and requesting to connect/bind to a socket). See:

https://github.com/stefbon/OSNS

Now I'm using libgcrypt for doing the crypto, and I want more than one crypto library as backend. I've been looking for examples in C, but did not find one yet. Can you point me to examples in C for:

  • classic Diffie-Hellman using modular groups
  • modern ECDH using elliptic curves (curve25519).
  • reading and writing of public keys from buffers like openssh stores those
  • doing en- and decryption for modern algos like AES (ctr) and chacha20-poly1305@openssh.com
  • verify and sign for pk algo's like RSA, DSS and ED25519.
  • hashing and hmac

Thanks in advance.

Stef Bon

stefbon avatar Jan 11 '21 07:01 stefbon

The FFI tests should provide decent examples for most of these

classic Diffie-Hellman using modular groups

https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L2650

modern ECDH using elliptic curves (curve25519).

https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L2504

reading and writing of public keys from buffers like openssh stores those

There isn't any support for SSH key formats (is there even an actual specification of this format?) so you'd have to write some code to get the fields using e.g. botan_privkey_get_field and then encode them however SSH does it.

doing en- and decryption for modern algos like AES (ctr) and chacha20-poly1305@openssh.com

CTR: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L824
AEADs: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L624 (this is testing AES/GCM but if you replace "AES-128/GCM" with "ChaCha20Poly1305" same interface is used)

verify and sign for pk algo's like RSA, DSS and ED25519.

Ed25519: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L2432
RSA: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L1767
DSA: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L1923

The signing interface is always the same but there are some algorithm specific functions for getting or setting parameters.

hashing and hmac

HMAC: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L949
Hashing: https://github.com/randombit/botan/blob/master/src/tests/test_ffi.cpp#L873

hth

randombit avatar Jan 11 '21 11:01 randombit
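The "encode them however SSH does it" step from the reply above, as an added example that is not part of the thread or of Botan: it builds the SSH wire-format public key blobs for `ssh-rsa` and `ssh-ed25519` using the `string` and `mpint` encodings of RFC 4251. It assumes the key fields have already been exported from the crypto library as big-endian byte arrays; the function names and `SSH_MAX_FIELD` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_MAX_FIELD 8192u /* assumption: cap on any single field, in bytes */

/* RFC 4251 "uint32": four bytes, big-endian. */
static void put_u32(uint8_t *out, uint32_t v) {
    out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
}

/* RFC 4251 "string": uint32 length followed by the raw bytes. */
static size_t put_string(uint8_t *out, const uint8_t *s, size_t n) {
    put_u32(out, (uint32_t)n);
    if (n) memcpy(out + 4, s, n);
    return 4 + n;
}

/* RFC 4251 "mpint" for a non-negative big-endian integer: strip leading
 * zero bytes, then prepend 0x00 if the top bit is set (keeps it positive). */
static size_t put_mpint(uint8_t *out, const uint8_t *be, size_t n) {
    while (n > 0 && be[0] == 0) { be++; n--; }
    size_t pad = (n > 0 && (be[0] & 0x80)) ? 1 : 0;
    put_u32(out, (uint32_t)(n + pad));
    if (pad) out[4] = 0x00;
    if (n) memcpy(out + 4 + pad, be, n);
    return 4 + pad + n;
}

/* "ssh-rsa" blob (RFC 4253 section 6.6): string "ssh-rsa", mpint e, mpint n.
 * Returns bytes written, or 0 if a field is too large or cap is too small. */
size_t ssh_rsa_pubkey_blob(uint8_t *out, size_t cap,
                           const uint8_t *e, size_t e_len,
                           const uint8_t *n, size_t n_len) {
    if (e_len > SSH_MAX_FIELD || n_len > SSH_MAX_FIELD) return 0;
    if (cap < (4 + 7) + (5 + e_len) + (5 + n_len)) return 0; /* worst case */
    size_t off = put_string(out, (const uint8_t *)"ssh-rsa", 7);
    off += put_mpint(out + off, e, e_len);
    off += put_mpint(out + off, n, n_len);
    return off;
}

/* "ssh-ed25519" blob (RFC 8709): string "ssh-ed25519", string key (32 bytes). */
size_t ssh_ed25519_pubkey_blob(uint8_t *out, size_t cap, const uint8_t pk[32]) {
    if (cap < (4 + 11) + (4 + 32)) return 0;
    size_t off = put_string(out, (const uint8_t *)"ssh-ed25519", 11);
    return off + put_string(out + off, pk, 32);
}
```

Base64-encoding the returned blob gives the middle field of an OpenSSH `authorized_keys` or `.pub` line.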

Hi Jack

Thanks a lot!

I have to translate this into C, luckily I've done this before.

And the openssh format specification is somewhere on the website if you dig deep, as well as the format SSH 2.0 uses, which is not clever. I've written my own ASN.1 implementation to read the format for public keys from files openssh uses. I'll try to implement Botan in my program.

Stef


stefbon avatar Jan 11 '21 12:01 stefbon