More Options

Wrapped more items with guards to disable them if not usable.
2020-10-13 17:41:15 -07:00 · 2020-10-13 17:41:15 -07:00 · 4d5ce88cc9
parent b63d3c4914
commit 4d5ce88cc9
3 changed files with 127 additions and 65 deletions
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@ -1105,6 +1105,12 @@ static int load_file(const char* fileName, byte* buf, word32 bufSz)
 }
 #endif /* NO_FILESYSTEM */

+#ifdef HAVE_ECC521
+    #define ECC_PATH "./keys/server-key-ecc-521.der"
+#else
+    #define ECC_PATH "./keys/server-key-ecc.der"
+#endif
+
 /* returns buffer size on success */
 static int load_key(byte isEcc, byte* buf, word32 bufSz)
 {
@ -1112,8 +1118,7 @@ static int load_key(byte isEcc, byte* buf, word32 bufSz)

 #ifndef NO_FILESYSTEM
    const char* bufName;
-    bufName = isEcc ? "./keys/server-key-ecc.der" :
-                       "./keys/server-key-rsa.der" ;
+    bufName = isEcc ? ECC_PATH : "./keys/server-key-rsa.der" ;
    sz = load_file(bufName, buf, bufSz);
 #else
    /* using buffers instead */
--- a/src/internal.c
+++ b/src/internal.c
@ -130,13 +130,13 @@ Flags:
 #if defined(NO_DH) || defined(NO_SHA256)
    #define WOLFSSH_NO_DH_GEX_SHA256
 #endif
-#if !defined(HAVE_ECC) || defined(NO_SHA256)
+#if !defined(HAVE_ECC) || defined(NO_SHA256) || defined(NO_ECC256)
    #define WOLFSSH_NO_ECDH_SHA2_NISTP256
 #endif
-#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384)
+#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384) || !defined(HAVE_ECC384)
    #define WOLFSSH_NO_ECDH_SHA2_NISTP384
 #endif
-#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512)
+#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512) || !defined(HAVE_ECC521)
    #define WOLFSSH_NO_ECDH_SHA2_NISTP521
 #endif
 #if !defined(HAVE_ED25519) || defined(NO_SHA256)
@ -145,13 +145,13 @@ Flags:
 #if defined(NO_RSA) || defined(NO_SHA)
    #define WOLFSSH_NO_SSH_RSA_SHA1
 #endif
-#if !defined(HAVE_ECC) || defined(NO_SHA256)
+#if !defined(HAVE_ECC) || defined(NO_SHA256) || defined(NO_ECC256)
    #define WOLFSSH_NO_ECDSA_SHA2_NISTP256
 #endif
-#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384)
+#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA384) || !defined(HAVE_ECC384)
    #define WOLFSSH_NO_ECDSA_SHA2_NISTP384
 #endif
-#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512)
+#if !defined(HAVE_ECC) || !defined(WOLFSSL_SHA512) || !defined(HAVE_ECC521)
    #define WOLFSSH_NO_ECDSA_SHA2_NISTP521
 #endif
 #if defined(NO_AES) || !defined(HAVE_AES_CBC)
@ -1995,7 +1995,7 @@ static int GetNameList(byte* idList, word32* idListSz,

 static const byte cannedEncAlgo[] = {
 #ifndef WOLFSSH_NO_AES_GCM
-    ID_AES128_GCM, 
+    ID_AES128_GCM,
 #endif
 #ifndef WOLFSSH_NO_AES_CTR
    ID_AES128_CTR,
@ -2016,17 +2016,47 @@ static const byte cannedMacAlgo[] = {
    ID_HMAC_SHA1,
 #endif
 };
-static const byte  cannedKeyAlgoClient[] = {ID_ECDSA_SHA2_NISTP256, ID_SSH_RSA};
+
+static const byte  cannedKeyAlgoClient[] = {
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP521
+    ID_ECDSA_SHA2_NISTP521,
+#endif
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP384
+    ID_ECDSA_SHA2_NISTP384,
+#endif
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
+    ID_ECDSA_SHA2_NISTP256,
+#endif
+#ifndef WOLFSSH_NO_SSH_RSA_SHA1
+    ID_SSH_RSA,
+#endif
+};
+
 #ifndef WOLFSSH_NO_SSH_RSA_SHA1
 static const byte  cannedKeyAlgoRsa[] = {ID_SSH_RSA};
 static const word32 cannedKeyAlgoRsaSz = sizeof(cannedKeyAlgoRsa);
 #endif
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
 static const byte  cannedKeyAlgoEcc256[] = {ID_ECDSA_SHA2_NISTP256};
+static const word32 cannedKeyAlgoEcc256Sz = sizeof(cannedKeyAlgoEcc256);
+#endif
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP384
 static const byte  cannedKeyAlgoEcc384[] = {ID_ECDSA_SHA2_NISTP384};
+static const word32 cannedKeyAlgoEcc384Sz = sizeof(cannedKeyAlgoEcc384);
+#endif
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP521
 static const byte  cannedKeyAlgoEcc521[] = {ID_ECDSA_SHA2_NISTP521};
+static const word32 cannedKeyAlgoEcc521Sz = sizeof(cannedKeyAlgoEcc521);
+#endif


 static const byte cannedKexAlgo[] = {
+#ifndef WOLFSSH_NO_ECDH_SHA2_NISTP521
+    ID_ECDH_SHA2_NISTP521,
+#endif
+#ifndef WOLFSSH_NO_ECDH_SHA2_NISTP384
+    ID_ECDH_SHA2_NISTP384,
+#endif
 #ifndef WOLFSSH_NO_ECDH_SHA2_NISTP256
    ID_ECDH_SHA2_NISTP256,
 #endif
@ -2044,9 +2074,6 @@ static const byte cannedKexAlgo[] = {
 static const word32 cannedEncAlgoSz = sizeof(cannedEncAlgo);
 static const word32 cannedMacAlgoSz = sizeof(cannedMacAlgo);
 static const word32 cannedKeyAlgoClientSz = sizeof(cannedKeyAlgoClient);
-static const word32 cannedKeyAlgoEcc256Sz = sizeof(cannedKeyAlgoEcc256);
-static const word32 cannedKeyAlgoEcc384Sz = sizeof(cannedKeyAlgoEcc384);
-static const word32 cannedKeyAlgoEcc521Sz = sizeof(cannedKeyAlgoEcc521);
 static const word32 cannedKexAlgoSz = sizeof(cannedKexAlgo);


@ -6162,92 +6189,100 @@ static INLINE void CopyNameList(byte* buf, word32* idx,

 static const char cannedEncAlgoNames[] =
 #if !defined(WOLFSSH_NO_AES_GCM)
-    "aes128-gcm@openssh.com"
-#endif
-#if !defined(WOLFSSH_NO_AES_GCM) && !defined(WOLFSSH_NO_AES_CTR)
-    ","
+    "aes128-gcm@openssh.com,"
 #endif
 #if !defined(WOLFSSH_NO_AES_CTR)
-    "aes128-ctr"
-#endif
-#if (!defined(WOLFSSH_NO_AES_GCM) || !defined(WOLFSSH_NO_AES_CTR)) && \
-    !defined(WOLFSSH_NO_AES_CBC)
-    ","
+    "aes128-ctr,"
 #endif
 #if !defined(WOLFSSH_NO_AES_CBC)
-    "aes128-cbc"
+    "aes128-cbc,"
 #endif
-    ;
+    "";
 #if defined(WOLFSSH_NO_AES_GCM) && defined(WOLFSSH_NO_AES_CTR) && \
    defined(WOLFSSH_NO_AES_CBC)
-#warning "You need at least one of AES-GCM, AES-CTR or AES-CBC." 
+#warning "You need at least one encryption algorithm."
 #endif

 static const char cannedMacAlgoNames[] =
 #if !defined(WOLFSSH_NO_HMAC_SHA2_256)
-    "hmac-sha2-256"
-#endif
-#if !defined(WOLFSSH_NO_HMAC_SHA2_256) && !defined(WOLFSSH_NO_HMAC_SHA1_96)
-    ","
+    "hmac-sha2-256,"
 #endif
 #if !defined(WOLFSSH_NO_HMAC_SHA1_96)
-    "hmac-sha1-96"
-#endif
-#if (!defined(WOLFSSH_NO_HMAC_SHA2_256) || !defined(WOLFSSH_NO_HMAC_SHA1_96)) \
-    && !defined(WOLFSSH_NO_HMAC_SHA1)
-    ","
+    "hmac-sha1-96,"
 #endif
 #if !defined(WOLFSSH_NO_HMAC_SHA1)
-    "hmac-sha1"
+    "hmac-sha1,"
 #endif
-    ;
-#if defined(WOLFSSH_NO_HMAC_SHA2_256) && defined(WOLFSSH_NO_HMAC_SHA1_96)\
-                                      && defined(WOLFSSH_NO_HMAC_SHA1)
-    #warning "You need at least one of HMAC-SHA2-256, HMAC-SHA1-96 or HMAC-SHA1"
+    "";
+#if defined(WOLFSSH_NO_HMAC_SHA2_256) && \
+        defined(WOLFSSH_NO_HMAC_SHA1_96) && \
+        defined(WOLFSSH_NO_HMAC_SHA1)
+    #warning "You need at least one MAC algorithm."
+#endif
+
+static const char cannedKeyAlgoClientNames[] =
+#ifndef WOLFSSL_NO_ECDSA_SHA2_NISTP521
+    "ecdsa-sha2-nistp521,"
+#endif
+#ifndef WOLFSSL_NO_ECDSA_SHA2_NISTP384
+    "ecdsa-sha2-nistp384,"
+#endif
+#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
+    "ecdsa-sha2-nistp256,"
+#endif
+#ifndef WOLFSSH_NO_SSH_RSA_SHA1
+    "ssh-rsa,"
+#endif
+    "";
+#if defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) && \
+        defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) && \
+        defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521) && \
+        defined(WOLFSSH_NO_SSH_RSA_SHA2)
+    #warning "You need at least one signing algorithm."
 #endif

-static const char cannedKeyAlgoClientNames[] = "ecdsa-sha2-nistp256,ssh-rsa";
 static const char cannedKeyAlgoRsaNames[] = "ssh-rsa";
 static const char cannedKeyAlgoEcc256Names[] = "ecdsa-sha2-nistp256";
 static const char cannedKeyAlgoEcc384Names[] = "ecdsa-sha2-nistp384";
 static const char cannedKeyAlgoEcc521Names[] = "ecdsa-sha2-nistp521";
+
 static const char cannedKexAlgoNames[] =
-#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256)
-    "ecdh-sha2-nistp256"
+#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP521)
+    "ecdh-sha2-nistp521,"
 #endif
-#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && !defined(WOLFSSH_NO_DH_GEX_SHA256)
-    ","
+#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP384)
+    "ecdh-sha2-nistp384,"
+#endif
+#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256)
+    "ecdh-sha2-nistp256,"
 #endif
 #if !defined(WOLFSSH_NO_DH_GEX_SHA256)
-    "diffie-hellman-group-exchange-sha256"
-#endif
-#if (!defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) || !defined(WOLFSSH_NO_DH_GEX_SHA256))\
-                                             && !defined(WOLFSSH_NO_DH_GROUP14_SHA1)
-    ","
+    "diffie-hellman-group-exchange-sha256,"
 #endif
 #if !defined(WOLFSSH_NO_DH_GROUP14_SHA1)
-    "diffie-hellman-group14-sha1"
-#endif
-#if (!defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) || !defined(WOLFSSH_NO_DH_GEX_SHA256) \
-  || !defined(WOLFSSH_NO_DH_GROUP14_SHA1)) && !defined(WOLFSSH_NO_DH_GROUP1_SHA1)
-    ","
+    "diffie-hellman-group14-sha1,"
 #endif
 #if !defined(WOLFSSH_NO_DH_GROUP1_SHA1)
-    "diffie-hellman-group1-sha1"
+    "diffie-hellman-group1-sha1,"
 #endif
-    ; /* This is a little awkward. */
-#if defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && defined(WOLFSSH_NO_DH_GEX_SHA256)\
- && defined(WOLFSSH_NO_DH_GROUP14_SHA1) && defined(WOLFSSH_NO_DH_GROUP1_SHA1)
-    #warning "You need at least one of ECDH-SHA2-NISTP256, DH-GEX-SHA256, "
-             "DH-GROUP14-SHA1 or DH-GROUP1-SHA1"
+    "";
+
+#if defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && \
+        defined(WOLFSSH_NO_DH_GEX_SHA256) && \
+        defined(WOLFSSH_NO_DH_GROUP14_SHA1) && \
+        defined(WOLFSSH_NO_DH_GROUP1_SHA1) && \
+        defined(WOLFSSH_NO_ECDH_SHA2_NISTP521) && \
+        defined(WOLFSSH_NO_ECDH_SHA2_NISTP384)
+    #warning "You need at least one key exchange algorithm."
 #endif

 static const char cannedNoneNames[] = "none";

-static const word32 cannedEncAlgoNamesSz = sizeof(cannedEncAlgoNames) - 1;
-static const word32 cannedMacAlgoNamesSz = sizeof(cannedMacAlgoNames) - 1;
+/* -1 for the null, some are -1 for the comma */
+static const word32 cannedEncAlgoNamesSz = sizeof(cannedEncAlgoNames) - 2;
+static const word32 cannedMacAlgoNamesSz = sizeof(cannedMacAlgoNames) - 2;
 static const word32 cannedKeyAlgoClientNamesSz =
-                                           sizeof(cannedKeyAlgoClientNames) - 1;
+                                           sizeof(cannedKeyAlgoClientNames) - 2;
 static const word32 cannedKeyAlgoRsaNamesSz = sizeof(cannedKeyAlgoRsaNames) - 1;
 static const word32 cannedKeyAlgoEcc256NamesSz =
                                           sizeof(cannedKeyAlgoEcc256Names) - 1;
@ -6255,7 +6290,7 @@ static const word32 cannedKeyAlgoEcc384NamesSz =
                                           sizeof(cannedKeyAlgoEcc384Names) - 1;
 static const word32 cannedKeyAlgoEcc521NamesSz =
                                           sizeof(cannedKeyAlgoEcc521Names) - 1;
-static const word32 cannedKexAlgoNamesSz = sizeof(cannedKexAlgoNames) - 1;
+static const word32 cannedKexAlgoNamesSz = sizeof(cannedKexAlgoNames) - 2;
 static const word32 cannedNoneNamesSz = sizeof(cannedNoneNames) - 1;


--- a/tests/api.c
+++ b/tests/api.c
@ -462,11 +462,33 @@ enum WS_TestFormatTypes {
 };


+#ifndef NO_ECC256
 static const char serverKeyEccDer[] =
    "307702010104206109990b79d25f285a0f5d15cca15654f92b3987212da77d85"
    "7bb87f38c66dd5a00a06082a8648ce3d030107a144034200048113ffa42bb79c"
    "45747a834c61f33fad26cf22cda9a3bca561b47ce662d4c2f755439a31fb8011"
    "20b5124b24f578d7fd22ef4635f005586b5f63c8da1bc4f569";
+static const int serverKeyEccCurveId = ECC_SECP256R1;
+#elif defined(HAVE_ECC384)
+static const char serverKeyEccDer[] =
+    "3081a402010104303eadd2bbbf05a7be3a3f7c28151289de5bb3644d7011761d"
+    "b56f2a0362fba64f98e64ff986dc4fb8efdb2d6b8da57142a00706052b810400"
+    "22a1640362000438d62be418ff573fd0e020d48876c4e1121dfb2d6ebee4895d"
+    "7724316d46a23105873f2986d5c712803a6f471ab86850eb063e108961349cf8"
+    "b4c6a4cf5e97bd7e51e975e3e9217261506eb9cf3c493d3eb88d467b5f27ebab"
+    "2161c00066febd";
+static const int serverKeyEccCurveId = ECC_SECP384R1;
+#elif defined(HAVE_ECC521)
+static const char serverKeyEccDer[] =
+    "3081dc0201010442004ca4d86428d9400e7b2df3912eb996c195895043af92e8"
+    "6de70ae4df46f22a291a6bb2748aae82580df6c39f49b3ed82f1789ece1b657d"
+    "45438cff156534354575a00706052b81040023a18189038186000401f8d0a7c3"
+    "c58d841957969f213a94f3da550edf76d8dd171531f35bb069c8bc300d6f6b37"
+    "d18046a9717f2c6f59519c827095b29a6313306218c235769400d0f96d000a19"
+    "3ba346652beb409a9a45c597a3ed932dd5aaae96bf2f317e5a7ac7458b3c6cdb"
+    "aa90c355382cdfcdca7377d92eb20a5e8c74237ca5a345b19e3f1a2290b154";
+static const int serverKeyEccCurveId = ECC_SECP521R1;
+#endif

 static const char serverKeyRsaDer[] =
    "308204a30201000282010100da5dad2514761559f340fd3cb86230b36dc0f9ec"
@ -569,7 +591,7 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
                                         TEST_GOOD_FORMAT_ASN1));
    AssertNotNull(ctx->privateKey);
    AssertIntNE(0, ctx->privateKeySz);
-    AssertIntEQ(ECC_SECP256R1, ctx->useEcc);
+    AssertIntEQ(serverKeyEccCurveId, ctx->useEcc);

 #ifndef NO_RSA
    lastKey = ctx->privateKey;