95#ifndef DETERMINISTICESPASYNCWEBSERVER_SSH_KEYMAT_H
96#define DETERMINISTICESPASYNCWEBSERVER_SSH_KEYMAT_H
133static inline bool ssh_mac_is_etm(uint8_t mac_mode)
138static inline uint8_t ssh_mac_len(uint8_t mac_mode)
160static inline void ssh_wipe(
void *ptr,
size_t len)
162 volatile uint8_t *p = (
volatile uint8_t *)ptr;
163 for (
size_t i = 0; i < len; i++)
260static inline void ssh_keymat_wipe(uint8_t i)
267static inline void ssh_dh_wipe(uint8_t i)
User-facing configuration for DeterministicESPAsyncWebServer.
#define MAX_SSH_CONNS
Maximum simultaneous SSH connections.
AES-256-CTR stream cipher context and API.
AES-256-GCM AEAD for SSH (aes256-gcm@openssh.com, RFC 5647).
2048-bit big-integer arithmetic for DH-group14 and RSA-2048.
chacha20-poly1305@openssh.com AEAD cipher (OpenSSH PROTOCOL.chacha20poly1305).
#define SSH_CHACHAPOLY_KEY_LEN
two 256-bit ChaCha20 keys
@ SSH_CIPHER_CHACHA20POLY1305
chacha20-poly1305@openssh.com (AEAD; no separate MAC)
@ SSH_CIPHER_AES256GCM
aes256-gcm@openssh.com (AEAD, RFC 5647; no separate MAC)
@ SSH_CIPHER_AES256CTR
aes256-ctr + a separate HMAC (the fallback)
SshDhState ssh_dh[MAX_SSH_CONNS]
Pool of ephemeral DH state, one entry per MAX_SSH_CONNS.
SshKeyMat ssh_keys[MAX_SSH_CONNS]
Pool of session key material, one entry per MAX_SSH_CONNS.
@ SSH_MAC_HMAC_SHA256_ETM
hmac-sha2-256-etm@openssh.com (encrypt-then-MAC)
@ SSH_MAC_HMAC_SHA256
hmac-sha2-256 (encrypt-and-MAC, RFC 4253)
@ SSH_MAC_HMAC_SHA512
hmac-sha2-512 (encrypt-and-MAC)
@ SSH_MAC_HMAC_SHA512_ETM
hmac-sha2-512-etm@openssh.com (encrypt-then-MAC)
AES-256-GCM context for one SSH direction (HW AES on ESP32).
A 2048-bit unsigned integer stored as 64 little-endian 32-bit limbs.
Ephemeral Diffie-Hellman state for one SSH connection.
SshBigNum K
Shared DH secret = e^y mod p (SENSITIVE - wiped after key derivation).
SshBigNum f
Server DH public value = g^y mod p (sent to client).
SshBigNum y
Server ephemeral private DH scalar (SENSITIVE - wiped after KEX).
uint8_t H[32]
SHA-256 exchange hash; doubles as session_id after first KEX.
bool kex_done
True once NEWKEYS has been sent and received.
AES-256-CTR + HMAC-SHA2-256 session keys for one SSH connection.
SshAesGcmCtx gcm_s2c
server-to-client AES-256-GCM (server seals outbound with it).
uint8_t mac_key_c2s[64]
HMAC key, client-to-server (aes mode); 32 bytes for SHA-256, 64 for SHA-512.
SshAesCtrCtx c2s_ctx
Client→server cipher (AES-256-CTR); server decrypts inbound with it.
SshAesGcmCtx gcm_c2s
client-to-server AES-256-GCM (server opens inbound with it).
uint8_t cipher_mode
SSH_CIPHER_* selected for this session (0 = aes256-ctr).
uint8_t mac_key_s2c[64]
HMAC key, server-to-client (aes mode).
bool active
True once keys are installed after successful KEX.
uint8_t chacha_key_c2s[SSH_CHACHAPOLY_KEY_LEN]
client-to-server, used only in chacha mode.
uint8_t chacha_key_s2c[SSH_CHACHAPOLY_KEY_LEN]
server-to-client, used only in chacha mode.
uint8_t mac_mode
SSH_MAC_* selected for the aes256-ctr cipher (0 = hmac-sha2-256 E&M).
SshAesCtrCtx s2c_ctx
Server→client cipher (AES-256-CTR); server encrypts outbound with it.