WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated many functions with better error checking.

pull/10/head
John Safranek 2016-07-18 21:21:42 -07:00
parent 1e77d1595b
commit 4041ecf408
2 changed files with 642 additions and 459 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

440
src/internal.c
View File

@ -138,6 +138,9 @@ const char* GetErrorString(int err)
case WS_INVALID_CHANID: case WS_INVALID_CHANID:
return "peer requested invalid channel id"; return "peer requested invalid channel id";
case WS_CRYPTO_FAILED:
return "crypto action failed";
default: default:
return "Unknown error code"; return "Unknown error code";
} }
@ -566,11 +569,21 @@ static int SendBuffered(WOLFSSH* ssh)
static int SendText(WOLFSSH* ssh, const char* text, uint32_t textLen) static int SendText(WOLFSSH* ssh, const char* text, uint32_t textLen)
{ {
GrowBuffer(&ssh->outputBuffer, textLen, 0); int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = GrowBuffer(&ssh->outputBuffer, textLen, 0);
if (ret == WS_SUCCESS) {
WMEMCPY(ssh->outputBuffer.buffer, text, textLen); WMEMCPY(ssh->outputBuffer.buffer, text, textLen);
ssh->outputBuffer.length = textLen; ssh->outputBuffer.length = textLen;
ret = SendBuffered(ssh);
}
return SendBuffered(ssh); return ret;
} }
@ -1421,13 +1434,29 @@ static int GetString(char* s, uint32_t* sSz,
static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData, static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
uint8_t* buf, uint32_t len, uint32_t* idx) uint8_t* buf, uint32_t len, uint32_t* idx)
{ {
uint32_t begin = *idx; uint32_t begin;
WS_UserAuthData_Password* pw = &authData->sf.password; WS_UserAuthData_Password* pw;
int ret; int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPassword()");
if (ssh == NULL || authData == NULL ||
buf == NULL || len == 0 || idx == NULL) {
ret = WS_BAD_ARGUMENT;
}
if (ret == WS_SUCCESS) {
begin = *idx;
pw = &authData->sf.password;
authData->type = WOLFSSH_USERAUTH_PASSWORD; authData->type = WOLFSSH_USERAUTH_PASSWORD;
ret = GetBoolean(&pw->hasNewPassword, buf, len, &begin); ret = GetBoolean(&pw->hasNewPassword, buf, len, &begin);
}
if (ret == WS_SUCCESS)
ret = GetUint32(&pw->passwordSz, buf, len, &begin); ret = GetUint32(&pw->passwordSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pw->password = buf + begin; pw->password = buf + begin;
begin += pw->passwordSz; begin += pw->passwordSz;
@ -1435,9 +1464,11 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
/* Skip the password change. Maybe error out since we aren't /* Skip the password change. Maybe error out since we aren't
* supporting password changes at this time. */ * supporting password changes at this time. */
ret = GetUint32(&pw->newPasswordSz, buf, len, &begin); ret = GetUint32(&pw->newPasswordSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pw->newPassword = buf + begin; pw->newPassword = buf + begin;
begin += pw->newPasswordSz; begin += pw->newPasswordSz;
} }
}
else { else {
pw->newPassword = NULL; pw->newPassword = NULL;
pw->newPasswordSz = 0; pw->newPasswordSz = 0;
@ -1450,21 +1481,24 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
if (ret == WOLFSSH_USERAUTH_SUCCESS) { if (ret == WOLFSSH_USERAUTH_SUCCESS) {
WLOG(WS_LOG_DEBUG, "DUARPW: password check successful"); WLOG(WS_LOG_DEBUG, "DUARPW: password check successful");
ssh->clientState = CLIENT_USERAUTH_DONE; ssh->clientState = CLIENT_USERAUTH_DONE;
ret = WS_SUCCESS;
} }
else { else {
WLOG(WS_LOG_DEBUG, "DUARPW: password check failed"); WLOG(WS_LOG_DEBUG, "DUARPW: password check failed");
if (ret != WOLFSSH_USERAUTH_SUCCESS) { ret = SendUserAuthFailure(ssh, 0);
return SendUserAuthFailure(ssh, 0);
}
} }
} }
else { else {
WLOG(WS_LOG_DEBUG, "DUARPW: No user auth callback"); WLOG(WS_LOG_DEBUG, "DUARPW: No user auth callback");
return SendUserAuthFailure(ssh, 0); ret = SendUserAuthFailure(ssh, 0);
}
} }
if (ret == WS_SUCCESS)
*idx = begin; *idx = begin;
return WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestPassword(), ret = %d", ret);
return ret;
} }
@ -1481,47 +1515,85 @@ static int DoUserAuthRequestRsa(WOLFSSH* ssh, WS_UserAuthData_PublicKey* pk,
uint8_t* e; uint8_t* e;
uint32_t eSz = 0; uint32_t eSz = 0;
uint32_t i = 0; uint32_t i = 0;
int ret; int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestRsa()"); WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestRsa()");
if (ssh == NULL || pk == NULL || digest == NULL || digestSz == 0)
ret = WS_BAD_ARGUMENT;
/* First check that the public key's type matches the one we are /* First check that the public key's type matches the one we are
* expecting. */ * expecting. */
GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i); if (ret == WS_SUCCESS)
ret = GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i);
if (ret == WS_SUCCESS) {
publicKeyType = pk->publicKey + i; publicKeyType = pk->publicKey + i;
i += publicKeyTypeSz; i += publicKeyTypeSz;
if (publicKeyTypeSz != pk->publicKeyTypeSz && if (publicKeyTypeSz != pk->publicKeyTypeSz &&
WMEMCMP(publicKeyType, pk->publicKeyType, publicKeyTypeSz) != 0) { WMEMCMP(publicKeyType, pk->publicKeyType, publicKeyTypeSz) != 0) {
WLOG(WS_LOG_DEBUG, "Public Key's type does not match public key type"); WLOG(WS_LOG_DEBUG,
return WS_INVALID_ALGO_ID; "Public Key's type does not match public key type");
ret = WS_INVALID_ALGO_ID;
} }
GetUint32(&eSz, pk->publicKey, pk->publicKeySz, &i); }
if (ret == WS_SUCCESS)
ret = GetUint32(&eSz, pk->publicKey, pk->publicKeySz, &i);
if (ret == WS_SUCCESS) {
e = pk->publicKey + i; e = pk->publicKey + i;
i += eSz; i += eSz;
GetUint32(&nSz, pk->publicKey, pk->publicKeySz, &i); ret = GetUint32(&nSz, pk->publicKey, pk->publicKeySz, &i);
}
if (ret == WS_SUCCESS) {
n = pk->publicKey + i; n = pk->publicKey + i;
wc_InitRsaKey(&key, ssh->ctx->heap); wc_InitRsaKey(&key, ssh->ctx->heap);
ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, &key); ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, &key);
if (ret != 0) {
WLOG(WS_LOG_DEBUG, "Could not decode public key");
ret = WS_CRYPTO_FAILED;
}
}
if (ret == WS_SUCCESS) {
i = 0; i = 0;
/* First check that the signature's public key type matches the one /* First check that the signature's public key type matches the one
* we are expecting. */ * we are expecting. */
GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i); ret = GetUint32(&publicKeyTypeSz, pk->publicKey, pk->publicKeySz, &i);
}
if (ret == WS_SUCCESS) {
publicKeyType = pk->publicKey + i; publicKeyType = pk->publicKey + i;
i += publicKeyTypeSz; i += publicKeyTypeSz;
if (publicKeyTypeSz != pk->publicKeyTypeSz && if (publicKeyTypeSz != pk->publicKeyTypeSz &&
WMEMCMP(publicKeyType, pk->publicKeyType, publicKeyTypeSz) != 0) { WMEMCMP(publicKeyType, pk->publicKeyType, publicKeyTypeSz) != 0) {
WLOG(WS_LOG_DEBUG, "Signature's type does not match public key type"); WLOG(WS_LOG_DEBUG,
return WS_INVALID_ALGO_ID; "Signature's type does not match public key type");
ret = WS_INVALID_ALGO_ID;
}
} }
GetUint32(&nSz, pk->signature, pk->signatureSz, &i); if (ret == WS_SUCCESS)
ret = GetUint32(&nSz, pk->signature, pk->signatureSz, &i);
if (ret == WS_SUCCESS) {
n = pk->signature + i; n = pk->signature + i;
ret = wc_RsaSSL_Verify(n, nSz, digest, digestSz, &key); ret = wc_RsaSSL_Verify(n, nSz, digest, digestSz, &key);
if (ret <= 0) {
WLOG(WS_LOG_DEBUG, "Could not verify signature");
ret = WS_CRYPTO_FAILED;
}
}
wc_FreeRsaKey(&key); wc_FreeRsaKey(&key);
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestRsa(), ret = %d", ret);
return ret; return ret;
} }
@ -1530,26 +1602,47 @@ static int DoUserAuthRequestRsa(WOLFSSH* ssh, WS_UserAuthData_PublicKey* pk,
static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData, static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
uint8_t* buf, uint32_t len, uint32_t* idx) uint8_t* buf, uint32_t len, uint32_t* idx)
{ {
uint32_t begin = *idx; uint32_t begin;
WS_UserAuthData_PublicKey* pk = &authData->sf.publicKey; WS_UserAuthData_PublicKey* pk;
int ret = WS_SUCCESS; int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()"); WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()");
if (ssh == NULL || authData == NULL ||
buf == NULL || len == 0 || idx == NULL) {
ret = WS_BAD_ARGUMENT;
}
if (ret == WS_SUCCESS) {
begin = *idx;
pk = &authData->sf.publicKey;
authData->type = WOLFSSH_USERAUTH_PUBLICKEY; authData->type = WOLFSSH_USERAUTH_PUBLICKEY;
GetBoolean(&pk->hasSignature, buf, len, &begin); ret = GetBoolean(&pk->hasSignature, buf, len, &begin);
GetUint32(&pk->publicKeyTypeSz, buf, len, &begin); }
if (ret == WS_SUCCESS)
ret = GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pk->publicKeyType = buf + begin; pk->publicKeyType = buf + begin;
begin += pk->publicKeyTypeSz; begin += pk->publicKeyTypeSz;
GetUint32(&pk->publicKeySz, buf, len, &begin); ret = GetUint32(&pk->publicKeySz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
pk->publicKey = buf + begin; pk->publicKey = buf + begin;
begin += pk->publicKeySz; begin += pk->publicKeySz;
if (pk->hasSignature) { if (pk->hasSignature) {
GetUint32(&pk->signatureSz, buf, len, &begin); ret = GetUint32(&pk->signatureSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
pk->signature = buf + begin; pk->signature = buf + begin;
begin += pk->signatureSz; begin += pk->signatureSz;
} }
else
goto onError;
}
else { else {
pk->signature = NULL; pk->signature = NULL;
pk->signatureSz = 0; pk->signatureSz = 0;
@ -1562,15 +1655,21 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY, ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
authData, ssh->userAuthCtx); authData, ssh->userAuthCtx);
WLOG(WS_LOG_DEBUG, "DUARPK: callback result = %d", ret); WLOG(WS_LOG_DEBUG, "DUARPK: callback result = %d", ret);
if (ret != WOLFSSH_USERAUTH_SUCCESS) { if (ret == WOLFSSH_USERAUTH_SUCCESS)
return SendUserAuthFailure(ssh, 0); ret = WS_SUCCESS;
else {
ret = SendUserAuthFailure(ssh, 0);
goto onError;
} }
} }
else { else {
WLOG(WS_LOG_DEBUG, "DUARPK: no userauth callback set"); WLOG(WS_LOG_DEBUG, "DUARPK: no userauth callback set");
return SendUserAuthFailure(ssh, 0); ret = SendUserAuthFailure(ssh, 0);
goto onError;
}
} }
if (ret == WS_SUCCESS) {
if (pk->signature == NULL) { if (pk->signature == NULL) {
WLOG(WS_LOG_DEBUG, "DUARPK: Send the PK OK"); WLOG(WS_LOG_DEBUG, "DUARPK: Send the PK OK");
ret = SendUserAuthPkOk(ssh, pk->publicKeyType, pk->publicKeyTypeSz, ret = SendUserAuthPkOk(ssh, pk->publicKeyType, pk->publicKeyTypeSz,
@ -1595,9 +1694,11 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
ret = WS_SUCCESS; ret = WS_SUCCESS;
} }
{ if (ret == WS_SUCCESS) {
Sha sha; Sha sha;
uint8_t digest[SHA_DIGEST_SIZE]; uint8_t digest[SHA_DIGEST_SIZE];
volatile int compare;
volatile int sizeCompare;
wc_InitSha(&sha); wc_InitSha(&sha);
c32toa(ssh->sessionIdSz, digest); c32toa(ssh->sessionIdSz, digest);
@ -1617,25 +1718,23 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
encDigestSz = wc_EncodeSignature(encDigest, digest, encDigestSz = wc_EncodeSignature(encDigest, digest,
SHA_DIGEST_SIZE, SHAh); SHA_DIGEST_SIZE, SHAh);
}
{
volatile int compare;
volatile int sizeCompare;
compare = ConstantCompare(encDigest, checkDigest, encDigestSz); compare = ConstantCompare(encDigest, checkDigest, encDigestSz);
sizeCompare = encDigestSz != checkDigestSz; sizeCompare = encDigestSz != checkDigestSz;
if (compare || sizeCompare || ret < 0) { if (compare || sizeCompare || ret < 0) {
WLOG(WS_LOG_DEBUG, "DUARPK: signature compare failure"); WLOG(WS_LOG_DEBUG, "DUARPK: signature compare failure");
return SendUserAuthFailure(ssh, 0); ret = SendUserAuthFailure(ssh, 0);
} }
else { else {
ssh->clientState = CLIENT_USERAUTH_DONE; ssh->clientState = CLIENT_USERAUTH_DONE;
} }
} }
} }
}
onError:
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestPublicKey(), ret = %d", ret);
return ret; return ret;
} }
@ -1643,22 +1742,39 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
static int DoUserAuthRequest(WOLFSSH* ssh, static int DoUserAuthRequest(WOLFSSH* ssh,
uint8_t* buf, uint32_t len, uint32_t* idx) uint8_t* buf, uint32_t len, uint32_t* idx)
{ {
uint32_t begin = *idx; uint32_t begin;
int ret; int ret = WS_SUCCESS;
uint8_t authNameId; uint8_t authNameId;
WS_UserAuthData authData; WS_UserAuthData authData;
WMEMSET(&authData, 0, sizeof(authData)); WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequest()");
GetUint32(&authData.usernameSz, buf, len, &begin);
if (ssh == NULL || buf == NULL || len == 0 || idx == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
begin = *idx;
WMEMSET(&authData, 0, sizeof(authData));
ret = GetUint32(&authData.usernameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
authData.username = buf + begin; authData.username = buf + begin;
begin += authData.usernameSz; begin += authData.usernameSz;
GetUint32(&authData.serviceNameSz, buf, len, &begin); ret = GetUint32(&authData.serviceNameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
authData.serviceName = buf + begin; authData.serviceName = buf + begin;
begin += authData.serviceNameSz; begin += authData.serviceNameSz;
GetUint32(&authData.authNameSz, buf, len, &begin); ret = GetUint32(&authData.authNameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
authData.authName = buf + begin; authData.authName = buf + begin;
begin += authData.authNameSz; begin += authData.authNameSz;
authNameId = NameToId((char*)authData.authName, authData.authNameSz); authNameId = NameToId((char*)authData.authName, authData.authNameSz);
@ -1670,12 +1786,15 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
ret = DoUserAuthRequestPublicKey(ssh, &authData, buf, len, &begin); ret = DoUserAuthRequestPublicKey(ssh, &authData, buf, len, &begin);
} }
else { else {
WLOG(WS_LOG_DEBUG, "invalid userauth type: %s", IdToName(authNameId)); WLOG(WS_LOG_DEBUG,
"invalid userauth type: %s", IdToName(authNameId));
ret = SendUserAuthFailure(ssh, 0); ret = SendUserAuthFailure(ssh, 0);
} }
*idx = begin; *idx = begin;
}
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequest(), ret = %d", ret);
return ret; return ret;
} }
@ -2323,29 +2442,43 @@ int ProcessClientVersion(WOLFSSH* ssh)
int SendServerVersion(WOLFSSH* ssh) int SendServerVersion(WOLFSSH* ssh)
{ {
int ret = WS_SUCCESS;
uint32_t sshIdStrSz = (uint32_t)WSTRLEN(sshIdStr); uint32_t sshIdStrSz = (uint32_t)WSTRLEN(sshIdStr);
uint8_t scratch[LENGTH_SZ]; uint8_t sshIdStrSzFlat[LENGTH_SZ];
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, "%s", sshIdStr); WLOG(WS_LOG_DEBUG, "%s", sshIdStr);
SendText(ssh, sshIdStr, (uint32_t)WSTRLEN(sshIdStr)); ret = SendText(ssh, sshIdStr, (uint32_t)WSTRLEN(sshIdStr));
sshIdStrSz -= 2; /* Remove the CRLF */ }
c32toa(sshIdStrSz, scratch);
wc_ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, (const uint8_t*)sshIdStr, sshIdStrSz);
return WS_SUCCESS; if (ret == WS_SUCCESS) {
sshIdStrSz -= 2; /* Remove the CRLF */
c32toa(sshIdStrSz, sshIdStrSzFlat);
wc_ShaUpdate(&ssh->handshake->hash, sshIdStrSzFlat, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash,
(const uint8_t*)sshIdStr, sshIdStrSz);
}
return ret;
} }
static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz) static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz)
{ {
int ret; int ret = WS_SUCCESS;
uint8_t* output; uint8_t* output;
uint32_t outputSz; uint32_t outputSz;
uint32_t packetSz; uint32_t packetSz;
uint32_t usedSz; uint32_t usedSz;
uint8_t paddingSz; uint8_t paddingSz;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
/* Minimum value for paddingSz is 4. */ /* Minimum value for paddingSz is 4. */
paddingSz = ssh->blockSz - paddingSz = ssh->blockSz -
(LENGTH_SZ + PAD_LENGTH_SZ + payloadSz) % ssh->blockSz; (LENGTH_SZ + PAD_LENGTH_SZ + payloadSz) % ssh->blockSz;
@ -2356,9 +2489,10 @@ static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz)
outputSz = LENGTH_SZ + packetSz + ssh->macSz; outputSz = LENGTH_SZ + packetSz + ssh->macSz;
usedSz = ssh->outputBuffer.length - ssh->outputBuffer.idx; usedSz = ssh->outputBuffer.length - ssh->outputBuffer.idx;
if ( (ret = GrowBuffer(&ssh->outputBuffer, outputSz, usedSz)) != WS_SUCCESS) ret = GrowBuffer(&ssh->outputBuffer, outputSz, usedSz);
return ret; }
if (ret == WS_SUCCESS) {
ssh->packetStartIdx = ssh->outputBuffer.length; ssh->packetStartIdx = ssh->outputBuffer.length;
output = ssh->outputBuffer.buffer + ssh->outputBuffer.length; output = ssh->outputBuffer.buffer + ssh->outputBuffer.length;
@ -2367,6 +2501,7 @@ static int PreparePacket(WOLFSSH* ssh, uint32_t payloadSz)
output[LENGTH_SZ] = paddingSz; output[LENGTH_SZ] = paddingSz;
ssh->outputBuffer.length += LENGTH_SZ + PAD_LENGTH_SZ; ssh->outputBuffer.length += LENGTH_SZ + PAD_LENGTH_SZ;
}
return ret; return ret;
} }
@ -2379,6 +2514,10 @@ static int BundlePacket(WOLFSSH* ssh)
uint8_t paddingSz; uint8_t paddingSz;
int ret = WS_SUCCESS; int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
paddingSz = ssh->paddingSz; paddingSz = ssh->paddingSz;
@ -2387,34 +2526,40 @@ static int BundlePacket(WOLFSSH* ssh)
WLOG(WS_LOG_DEBUG, "BP: paddingSz = %u", paddingSz); WLOG(WS_LOG_DEBUG, "BP: paddingSz = %u", paddingSz);
if (ssh->encryptId == ID_NONE) if (ssh->encryptId == ID_NONE)
WMEMSET(output + idx, 0, paddingSz); WMEMSET(output + idx, 0, paddingSz);
else else if (wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz) < 0)
ret = wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz); ret = WS_CRYPTO_FAILED;
}
if (ret == WS_SUCCESS) {
idx += paddingSz; idx += paddingSz;
if (ret != WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, "BP: failed to add padding");
return ret;
}
ret = CreateMac(ssh, ssh->outputBuffer.buffer + ssh->packetStartIdx, ret = CreateMac(ssh, ssh->outputBuffer.buffer + ssh->packetStartIdx,
ssh->outputBuffer.length - ssh->packetStartIdx + paddingSz, ssh->outputBuffer.length -
ssh->packetStartIdx + paddingSz,
output + idx); output + idx);
idx += ssh->macSz; }
if (ret != WS_SUCCESS) { else {
WLOG(WS_LOG_DEBUG, "BP: failed to add mac"); WLOG(WS_LOG_DEBUG, "BP: failed to add padding");
return ret;
} }
if (ret == WS_SUCCESS) {
idx += ssh->macSz;
ret = Encrypt(ssh, ret = Encrypt(ssh,
ssh->outputBuffer.buffer + ssh->packetStartIdx, ssh->outputBuffer.buffer + ssh->packetStartIdx,
ssh->outputBuffer.buffer + ssh->packetStartIdx, ssh->outputBuffer.buffer + ssh->packetStartIdx,
ssh->outputBuffer.length - ssh->packetStartIdx + paddingSz); ssh->outputBuffer.length -
ssh->outputBuffer.length = idx; ssh->packetStartIdx + paddingSz);
if (ret != WS_SUCCESS) { }
WLOG(WS_LOG_DEBUG, "BP: failed to encrypt buffer"); else {
return ret; WLOG(WS_LOG_DEBUG, "BP: failed to generate mac");
} }
return WS_SUCCESS; if (ret == WS_SUCCESS)
ssh->outputBuffer.length = idx;
else {
WLOG(WS_LOG_DEBUG, "BP: failed to encrypt buffer");
}
return ret;
} }
@ -2453,17 +2598,22 @@ int SendKexInit(WOLFSSH* ssh)
uint8_t* payload; uint8_t* payload;
uint32_t idx = 0; uint32_t idx = 0;
uint32_t payloadSz; uint32_t payloadSz;
uint8_t payloadSzFlat[LENGTH_SZ];
int ret = WS_SUCCESS; int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
payloadSz = MSG_ID_SZ + COOKIE_SZ + (LENGTH_SZ * 11) + BOOLEAN_SZ + payloadSz = MSG_ID_SZ + COOKIE_SZ + (LENGTH_SZ * 11) + BOOLEAN_SZ +
cannedKexAlgoNamesSz + cannedKeyAlgoNamesSz + cannedKexAlgoNamesSz + cannedKeyAlgoNamesSz +
(cannedEncAlgoNamesSz * 2) + (cannedEncAlgoNamesSz * 2) +
(cannedMacAlgoNamesSz * 2) + (cannedMacAlgoNamesSz * 2) +
(cannedNoneNamesSz * 2); (cannedNoneNamesSz * 2);
ret = PreparePacket(ssh, payloadSz); ret = PreparePacket(ssh, payloadSz);
if (ret != WS_SUCCESS) }
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
payload = output + idx; payload = output + idx;
@ -2471,9 +2621,10 @@ int SendKexInit(WOLFSSH* ssh)
output[idx++] = MSGID_KEXINIT; output[idx++] = MSGID_KEXINIT;
ret = wc_RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ); ret = wc_RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ);
}
if (ret == WS_SUCCESS) {
idx += COOKIE_SZ; idx += COOKIE_SZ;
if (ret != 0)
return ret;
CopyNameList(output, &idx, cannedKexAlgoNames, cannedKexAlgoNamesSz); CopyNameList(output, &idx, cannedKexAlgoNames, cannedKexAlgoNamesSz);
CopyNameList(output, &idx, cannedKeyAlgoNames, cannedKeyAlgoNamesSz); CopyNameList(output, &idx, cannedKeyAlgoNames, cannedKeyAlgoNamesSz);
@ -2493,18 +2644,16 @@ int SendKexInit(WOLFSSH* ssh)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
{ c32toa(payloadSz, payloadSzFlat);
uint8_t scratchLen[LENGTH_SZ]; ret = wc_ShaUpdate(&ssh->handshake->hash, payloadSzFlat, LENGTH_SZ);
c32toa(payloadSz, scratchLen);
ret = wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
if (ret != 0)
return ret;
} }
ret = wc_ShaUpdate(&ssh->handshake->hash, payload, payloadSz);
if (ret != 0)
return ret;
if (ret == WS_SUCCESS)
ret = wc_ShaUpdate(&ssh->handshake->hash, payload, payloadSz);
if (ret == WS_SUCCESS)
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -2723,12 +2872,15 @@ int SendNewKeys(WOLFSSH* ssh)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx = 0; uint32_t idx = 0;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ); ret = PreparePacket(ssh, MSG_ID_SZ);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2737,12 +2889,12 @@ int SendNewKeys(WOLFSSH* ssh)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
if (ret != WS_SUCCESS) if (ret == WS_SUCCESS) {
return ret;
ssh->blockSz = ssh->handshake->blockSz; ssh->blockSz = ssh->handshake->blockSz;
ssh->encryptId = ssh->handshake->encryptId; ssh->encryptId = ssh->handshake->encryptId;
ssh->macSz = ssh->handshake->macSz; ssh->macSz = ssh->handshake->macSz;
@ -2762,10 +2914,11 @@ int SendNewKeys(WOLFSSH* ssh)
default: default:
WLOG(WS_LOG_DEBUG, "SNK: using cipher invalid"); WLOG(WS_LOG_DEBUG, "SNK: using cipher invalid");
break; ret = WS_INVALID_ALGO_ID;
} }
ssh->txCount = 0; ssh->txCount = 0;
}
return ret; return ret;
} }
@ -2775,12 +2928,15 @@ int SendUnimplemented(WOLFSSH* ssh)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx = 0; uint32_t idx = 0;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ); ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2791,6 +2947,8 @@ int SendUnimplemented(WOLFSSH* ssh)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -2802,12 +2960,15 @@ int SendDisconnect(WOLFSSH* ssh, uint32_t reason)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx = 0; uint32_t idx = 0;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL)
ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + UINT32_SZ + (LENGTH_SZ * 2)); ret = PreparePacket(ssh, MSG_ID_SZ + UINT32_SZ + (LENGTH_SZ * 2));
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2822,6 +2983,8 @@ int SendDisconnect(WOLFSSH* ssh, uint32_t reason)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -2833,15 +2996,15 @@ int SendIgnore(WOLFSSH* ssh, const unsigned char* data, uint32_t dataSz)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx = 0; uint32_t idx = 0;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL || (data == NULL && dataSz > 0)) if (ssh == NULL || (data == NULL && dataSz > 0))
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ + dataSz); ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ + dataSz);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2856,6 +3019,8 @@ int SendIgnore(WOLFSSH* ssh, const unsigned char* data, uint32_t dataSz)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -2872,19 +3037,20 @@ int SendDebug(WOLFSSH* ssh, byte alwaysDisplay, const char* msg)
uint32_t msgSz; uint32_t msgSz;
uint8_t* output; uint8_t* output;
uint32_t idx = 0; uint32_t idx = 0;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL) if (ssh == NULL)
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
msgSz = (msg != NULL) ? (uint32_t)WSTRLEN(msg) : 0; msgSz = (msg != NULL) ? (uint32_t)WSTRLEN(msg) : 0;
ret = PreparePacket(ssh, ret = PreparePacket(ssh,
MSG_ID_SZ + BOOLEAN_SZ + (LENGTH_SZ * 2) + MSG_ID_SZ + BOOLEAN_SZ + (LENGTH_SZ * 2) +
msgSz + cannedLangTagSz); msgSz + cannedLangTagSz);
if (ret != WS_SUCCESS) }
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2904,6 +3070,8 @@ int SendDebug(WOLFSSH* ssh, byte alwaysDisplay, const char* msg)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -2919,16 +3087,17 @@ int SendServiceAccept(WOLFSSH* ssh)
uint32_t nameSz; uint32_t nameSz;
uint8_t* output; uint8_t* output;
uint32_t idx; uint32_t idx;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL) if (ssh == NULL)
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS) {
nameSz = (uint32_t)WSTRLEN(userAuthName); nameSz = (uint32_t)WSTRLEN(userAuthName);
ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ + nameSz); ret = PreparePacket(ssh, MSG_ID_SZ + LENGTH_SZ + nameSz);
if (ret != WS_SUCCESS) }
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2941,6 +3110,8 @@ int SendServiceAccept(WOLFSSH* ssh)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendUserAuthBanner(ssh); ret = SendUserAuthBanner(ssh);
@ -2956,20 +3127,19 @@ int SendUserAuthFailure(WOLFSSH* ssh, uint8_t partialSuccess)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx; uint32_t idx;
int ret; int ret = WS_SUCCESS;
(void)partialSuccess;
WLOG(WS_LOG_DEBUG, "Entering SendUserAuthFailure()"); WLOG(WS_LOG_DEBUG, "Entering SendUserAuthFailure()");
if (ssh == NULL) if (ssh == NULL)
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, ret = PreparePacket(ssh,
MSG_ID_SZ + LENGTH_SZ + cannedAuthsSz + BOOLEAN_SZ); MSG_ID_SZ + LENGTH_SZ +
if (ret != WS_SUCCESS) cannedAuthsSz + BOOLEAN_SZ);
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -2978,11 +3148,13 @@ int SendUserAuthFailure(WOLFSSH* ssh, uint8_t partialSuccess)
idx += LENGTH_SZ; idx += LENGTH_SZ;
WMEMCPY(output + idx, cannedAuths, cannedAuthsSz); WMEMCPY(output + idx, cannedAuths, cannedAuthsSz);
idx += cannedAuthsSz; idx += cannedAuthsSz;
output[idx++] = 0; output[idx++] = (partialSuccess != 0);
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -2994,15 +3166,15 @@ int SendUserAuthSuccess(WOLFSSH* ssh)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx; uint32_t idx;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL) if (ssh == NULL)
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ); ret = PreparePacket(ssh, MSG_ID_SZ);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -3011,6 +3183,8 @@ int SendUserAuthSuccess(WOLFSSH* ssh)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
@ -3024,17 +3198,20 @@ int SendUserAuthPkOk(WOLFSSH* ssh,
{ {
uint8_t* output; uint8_t* output;
uint32_t idx; uint32_t idx;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL || if (ssh == NULL ||
algoName == NULL || algoNameSz == 0 || algoName == NULL || algoNameSz == 0 ||
publicKey == NULL || publicKeySz == 0) { publicKey == NULL || publicKeySz == 0) {
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
} }
PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) + algoNameSz + publicKeySz); if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) +
algoNameSz + publicKeySz);
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -3050,7 +3227,10 @@ int SendUserAuthPkOk(WOLFSSH* ssh,
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);
return ret; return ret;
@ -3070,16 +3250,16 @@ int SendUserAuthBanner(WOLFSSH* ssh)
{ {
uint8_t* output; uint8_t* output;
uint32_t idx; uint32_t idx;
int ret; int ret = WS_SUCCESS;
if (ssh == NULL) if (ssh == NULL)
return WS_BAD_ARGUMENT; ret = WS_BAD_ARGUMENT;
if (ret == WS_SUCCESS)
ret = PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) + ret = PreparePacket(ssh, MSG_ID_SZ + (LENGTH_SZ * 2) +
cannedBannerSz + cannedLangTagSz); cannedBannerSz + cannedLangTagSz);
if (ret != WS_SUCCESS)
return ret;
if (ret == WS_SUCCESS) {
output = ssh->outputBuffer.buffer; output = ssh->outputBuffer.buffer;
idx = ssh->outputBuffer.length; idx = ssh->outputBuffer.length;
@ -3096,6 +3276,8 @@ int SendUserAuthBanner(WOLFSSH* ssh)
ssh->outputBuffer.length = idx; ssh->outputBuffer.length = idx;
ret = BundlePacket(ssh); ret = BundlePacket(ssh);
}
if (ret == WS_SUCCESS) if (ret == WS_SUCCESS)
ret = SendBuffered(ssh); ret = SendBuffered(ssh);

3
wolfssh/error.h
View File

@ -67,7 +67,8 @@ enum WS_ErrorCodes {
WS_RESOURCE_E = -25, /* insufficient resources for new channel */ WS_RESOURCE_E = -25, /* insufficient resources for new channel */
WS_INVALID_CHANTYPE = -26, /* invalid channel type */ WS_INVALID_CHANTYPE = -26, /* invalid channel type */
WS_INVALID_CHANID = -27, WS_INVALID_CHANID = -27,
WS_INVALID_USERNAME = -28 WS_INVALID_USERNAME = -28,
WS_CRYPTO_FAILED = -29 /* crypto action failed */
}; };