Use wolfssl/wolfcrypt instead of cyassl/ctaocrypt, add wc_ prefix to wolfcrypt function calls.

pull/3/head
John Safranek 2016-04-05 15:42:38 -07:00
parent 59590e28f3
commit 5eb8b8111a
3 changed files with 114 additions and 117 deletions


@ -34,9 +34,9 @@
#include <wolfssh/ssh.h>
#include <wolfssh/internal.h>
#include <wolfssh/log.h>
#include <cyassl/ctaocrypt/asn.h>
#include <cyassl/ctaocrypt/rsa.h>
#include <cyassl/ctaocrypt/hmac.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/hmac.h>
/* convert opaque to 32 bit integer */
@ -997,9 +997,9 @@ static int DoNewKeys(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
case ID_AES128_CBC:
WLOG(WS_LOG_DEBUG, "DNK: peer using cipher aes128-cbc");
AesSetKey(&ssh->decryptCipher.aes,
ssh->encKeyClient, ssh->encKeyClientSz,
ssh->ivClient, AES_DECRYPTION);
wc_AesSetKey(&ssh->decryptCipher.aes,
ssh->encKeyClient, ssh->encKeyClientSz,
ssh->ivClient, AES_DECRYPTION);
break;
default:
@ -1043,47 +1043,47 @@ int GenerateKey(uint8_t hashId, uint8_t keyId,
blocks = keySz / SHA_DIGEST_SIZE;
remainder = keySz % SHA_DIGEST_SIZE;
InitSha(&sha);
ShaUpdate(&sha, kSzFlat, LENGTH_SZ);
if (kPad) ShaUpdate(&sha, &pad, 1);
ShaUpdate(&sha, k, kSz);
ShaUpdate(&sha, h, hSz);
ShaUpdate(&sha, &keyId, sizeof(keyId));
ShaUpdate(&sha, sessionId, sessionIdSz);
wc_InitSha(&sha);
wc_ShaUpdate(&sha, kSzFlat, LENGTH_SZ);
if (kPad) wc_ShaUpdate(&sha, &pad, 1);
wc_ShaUpdate(&sha, k, kSz);
wc_ShaUpdate(&sha, h, hSz);
wc_ShaUpdate(&sha, &keyId, sizeof(keyId));
wc_ShaUpdate(&sha, sessionId, sessionIdSz);
if (blocks == 0) {
if (remainder > 0) {
uint8_t lastBlock[SHA_DIGEST_SIZE];
ShaFinal(&sha, lastBlock);
wc_ShaFinal(&sha, lastBlock);
WMEMCPY(key, lastBlock, remainder);
}
}
else {
uint32_t runningKeySz, curBlock;
ShaFinal(&sha, key);
wc_ShaFinal(&sha, key);
runningKeySz = SHA_DIGEST_SIZE;
for (curBlock = 1; curBlock < blocks; curBlock++) {
InitSha(&sha);
ShaUpdate(&sha, kSzFlat, LENGTH_SZ);
if (kPad) ShaUpdate(&sha, &pad, 1);
ShaUpdate(&sha, k, kSz);
ShaUpdate(&sha, h, hSz);
ShaUpdate(&sha, key, runningKeySz);
ShaFinal(&sha, key + runningKeySz);
wc_InitSha(&sha);
wc_ShaUpdate(&sha, kSzFlat, LENGTH_SZ);
if (kPad) wc_ShaUpdate(&sha, &pad, 1);
wc_ShaUpdate(&sha, k, kSz);
wc_ShaUpdate(&sha, h, hSz);
wc_ShaUpdate(&sha, key, runningKeySz);
wc_ShaFinal(&sha, key + runningKeySz);
runningKeySz += SHA_DIGEST_SIZE;
}
if (remainder > 0) {
uint8_t lastBlock[SHA_DIGEST_SIZE];
InitSha(&sha);
ShaUpdate(&sha, kSzFlat, LENGTH_SZ);
if (kPad) ShaUpdate(&sha, &pad, 1);
ShaUpdate(&sha, k, kSz);
ShaUpdate(&sha, h, hSz);
ShaUpdate(&sha, key, runningKeySz);
ShaFinal(&sha, lastBlock);
wc_InitSha(&sha);
wc_ShaUpdate(&sha, kSzFlat, LENGTH_SZ);
if (kPad) wc_ShaUpdate(&sha, &pad, 1);
wc_ShaUpdate(&sha, k, kSz);
wc_ShaUpdate(&sha, h, hSz);
wc_ShaUpdate(&sha, key, runningKeySz);
wc_ShaFinal(&sha, lastBlock);
WMEMCPY(key + runningKeySz, lastBlock, remainder);
}
}
@ -1671,9 +1671,9 @@ static int DoPacket(WOLFSSH* ssh)
WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXINIT");
c32toa(payloadSz + sizeof(msg), scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
ShaUpdate(&ssh->handshake->hash, &msg, sizeof(msg));
ShaUpdate(&ssh->handshake->hash, buf + idx, payloadSz);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, &msg, sizeof(msg));
wc_ShaUpdate(&ssh->handshake->hash, buf + idx, payloadSz);
DoKexInit(ssh, buf, payloadSz, &idx);
}
break;
@ -1760,8 +1760,11 @@ static INLINE int Encrypt(WOLFSSH* ssh, uint8_t* cipher, const uint8_t* input,
break;
case ID_AES128_CBC:
if (AesCbcEncrypt(&ssh->encryptCipher.aes, cipher, input, sz) < 0)
if (wc_AesCbcEncrypt(&ssh->encryptCipher.aes,
cipher, input, sz) < 0) {
ret = WS_ENCRYPT_E;
}
break;
default:
@ -1789,8 +1792,11 @@ static INLINE int Decrypt(WOLFSSH* ssh, uint8_t* plain, const uint8_t* input,
break;
case ID_AES128_CBC:
if (AesCbcDecrypt(&ssh->decryptCipher.aes, plain, input, sz) < 0)
if (wc_AesCbcDecrypt(&ssh->decryptCipher.aes,
plain, input, sz) < 0) {
ret = WS_DECRYPT_E;
}
break;
default:
@ -1822,10 +1828,11 @@ static INLINE int CreateMac(WOLFSSH* ssh, const uint8_t* in, uint32_t inSz,
Hmac hmac;
uint8_t digest[SHA_DIGEST_SIZE];
HmacSetKey(&hmac, SHA, ssh->macKeyServer, ssh->macKeyServerSz);
HmacUpdate(&hmac, flatSeq, sizeof(flatSeq));
HmacUpdate(&hmac, in, inSz);
HmacFinal(&hmac, digest);
wc_HmacSetKey(&hmac, SHA,
ssh->macKeyServer, ssh->macKeyServerSz);
wc_HmacUpdate(&hmac, flatSeq, sizeof(flatSeq));
wc_HmacUpdate(&hmac, in, inSz);
wc_HmacFinal(&hmac, digest);
WMEMCPY(mac, digest, SHA1_96_SZ);
}
break;
@ -1834,10 +1841,11 @@ static INLINE int CreateMac(WOLFSSH* ssh, const uint8_t* in, uint32_t inSz,
{
Hmac hmac;
HmacSetKey(&hmac, SHA, ssh->macKeyServer, ssh->macKeyServerSz);
HmacUpdate(&hmac, flatSeq, sizeof(flatSeq));
HmacUpdate(&hmac, in, inSz);
HmacFinal(&hmac, mac);
wc_HmacSetKey(&hmac, SHA,
ssh->macKeyServer, ssh->macKeyServerSz);
wc_HmacUpdate(&hmac, flatSeq, sizeof(flatSeq));
wc_HmacUpdate(&hmac, in, inSz);
wc_HmacFinal(&hmac, mac);
}
break;
@ -1871,10 +1879,10 @@ static INLINE int VerifyMac(WOLFSSH* ssh, const uint8_t* in, uint32_t inSz,
case ID_HMAC_SHA1:
case ID_HMAC_SHA1_96:
HmacSetKey(&hmac, SHA, ssh->macKeyClient, ssh->macKeyClientSz);
HmacUpdate(&hmac, flatSeq, sizeof(flatSeq));
HmacUpdate(&hmac, in, inSz);
HmacFinal(&hmac, checkMac);
wc_HmacSetKey(&hmac, SHA, ssh->macKeyClient, ssh->macKeyClientSz);
wc_HmacUpdate(&hmac, flatSeq, sizeof(flatSeq));
wc_HmacUpdate(&hmac, in, inSz);
wc_HmacFinal(&hmac, checkMac);
if (ConstantCompare(checkMac, mac, ssh->peerMacSz) != 0)
ret = WS_VERIFY_MAC_E;
break;
@ -2003,8 +2011,8 @@ int ProcessClientVersion(WOLFSSH* ssh)
}
c32toa(ssh->inputBuffer.length - 2, scratch);
ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ);
ShaUpdate(&ssh->handshake->hash, ssh->inputBuffer.buffer,
wc_ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, ssh->inputBuffer.buffer,
ssh->inputBuffer.length - 2);
ssh->inputBuffer.idx += ssh->inputBuffer.length;
@ -2021,8 +2029,8 @@ int SendServerVersion(WOLFSSH* ssh)
SendText(ssh, sshIdStr, (uint32_t)WSTRLEN(sshIdStr));
sshIdStrSz -= 2; /* Remove the CRLF */
c32toa(sshIdStrSz, scratch);
ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ);
ShaUpdate(&ssh->handshake->hash, (const uint8_t*)sshIdStr, sshIdStrSz);
wc_ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, (const uint8_t*)sshIdStr, sshIdStrSz);
return WS_SUCCESS;
}
@ -2078,7 +2086,7 @@ static int BundlePacket(WOLFSSH* ssh)
if (ssh->encryptId == ID_NONE)
WMEMSET(output + idx, 0, paddingSz);
else
RNG_GenerateBlock(ssh->rng, output + idx, paddingSz);
wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz);
idx += paddingSz;
CreateMac(ssh, ssh->outputBuffer.buffer + ssh->packetStartIdx,
@ -2146,7 +2154,7 @@ int SendKexInit(WOLFSSH* ssh)
output[idx++] = MSGID_KEXINIT;
RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ);
wc_RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ);
idx += COOKIE_SZ;
CopyNameList(output, &idx, cannedKexAlgoNames, cannedKexAlgoNamesSz);
@ -2170,9 +2178,9 @@ int SendKexInit(WOLFSSH* ssh)
{
uint8_t scratchLen[LENGTH_SZ];
c32toa(payloadSz, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
}
ShaUpdate(&ssh->handshake->hash, payload, payloadSz);
wc_ShaUpdate(&ssh->handshake->hash, payload, payloadSz);
BundlePacket(ssh);
SendBuffered(ssh);
@ -2211,17 +2219,17 @@ int SendKexDhReply(WOLFSSH* ssh)
uint32_t idx;
int ret;
InitDhKey(&dhKey);
wc_InitDhKey(&dhKey);
switch (ssh->handshake->kexId) {
case ID_DH_GROUP1_SHA1:
DhSetKey(&dhKey, dhPrimeGroup1, dhPrimeGroup1Sz,
dhGenerator, dhGeneratorSz);
wc_DhSetKey(&dhKey, dhPrimeGroup1, dhPrimeGroup1Sz,
dhGenerator, dhGeneratorSz);
break;
case ID_DH_GROUP14_SHA1:
DhSetKey(&dhKey, dhPrimeGroup14, dhPrimeGroup14Sz,
dhGenerator, dhGeneratorSz);
wc_DhSetKey(&dhKey, dhPrimeGroup14, dhPrimeGroup14Sz,
dhGenerator, dhGeneratorSz);
break;
default:
@ -2229,81 +2237,70 @@ int SendKexDhReply(WOLFSSH* ssh)
}
/* Hash in the server's RSA key. */
InitRsaKey(&rsaKey, ssh->ctx->heap);
ret = RsaPrivateKeyDecode(ssh->ctx->privateKey, &scratch,
&rsaKey, (int)ssh->ctx->privateKeySz);
wc_InitRsaKey(&rsaKey, ssh->ctx->heap);
ret = wc_RsaPrivateKeyDecode(ssh->ctx->privateKey, &scratch,
&rsaKey, (int)ssh->ctx->privateKeySz);
if (ret < 0)
return ret;
RsaFlattenPublicKey(&rsaKey, rsaE, &rsaESz, rsaN, &rsaNSz);
wc_RsaFlattenPublicKey(&rsaKey, rsaE, &rsaESz, rsaN, &rsaNSz);
if (rsaE[0] & 0x80) rsaEPad = 1;
if (rsaN[0] & 0x80) rsaNPad = 1;
rsaKeyBlockSz = (LENGTH_SZ * 3) + 7 + rsaESz + rsaEPad + rsaNSz + rsaNPad;
/* The 7 is for the name "ssh-rsa". */
c32toa(rsaKeyBlockSz, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
c32toa(7, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
ShaUpdate(&ssh->handshake->hash, (const uint8_t*)"ssh-rsa", 7);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, (const uint8_t*)"ssh-rsa", 7);
c32toa(rsaESz + rsaEPad, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
if (rsaEPad) {
scratchLen[0] = 0;
ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
}
ShaUpdate(&ssh->handshake->hash, rsaE, rsaESz);
wc_ShaUpdate(&ssh->handshake->hash, rsaE, rsaESz);
c32toa(rsaNSz + rsaNPad, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
if (rsaNPad) {
scratchLen[0] = 0;
ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
}
ShaUpdate(&ssh->handshake->hash, rsaN, rsaNSz);
wc_ShaUpdate(&ssh->handshake->hash, rsaN, rsaNSz);
/* Hash in the client's DH e-value. */
c32toa(ssh->handshake->eSz, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
ShaUpdate(&ssh->handshake->hash, ssh->handshake->e, ssh->handshake->eSz);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, ssh->handshake->e, ssh->handshake->eSz);
/* Make the server's DH f-value, and the shared secret k. */
DhGenerateKeyPair(&dhKey, ssh->rng, y, &ySz, f, &fSz);
wc_DhGenerateKeyPair(&dhKey, ssh->rng, y, &ySz, f, &fSz);
if (f[0] & 0x80) fPad = 1;
DhAgree(&dhKey,
ssh->k, &ssh->kSz,
y, ySz,
ssh->handshake->e, ssh->handshake->eSz);
wc_DhAgree(&dhKey, ssh->k, &ssh->kSz, y, ySz,
ssh->handshake->e, ssh->handshake->eSz);
if (ssh->k[0] & 0x80) kPad = 1;
FreeDhKey(&dhKey);
#ifdef SHOW_MASTER_SECRET
printf("Master secret:\n");
DumpOctetString(ssh->k, ssh->kSz);
#endif
wc_FreeDhKey(&dhKey);
/* Hash in the server's DH f-value. */
c32toa(fSz + fPad, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
if (fPad) {
scratchLen[0] = 0;
ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
}
ShaUpdate(&ssh->handshake->hash, f, fSz);
wc_ShaUpdate(&ssh->handshake->hash, f, fSz);
/* Hash in the shared secret k. */
c32toa(ssh->kSz + kPad, scratchLen);
ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ);
if (kPad) {
scratchLen[0] = 0;
ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1);
}
ShaUpdate(&ssh->handshake->hash, ssh->k, ssh->kSz);
wc_ShaUpdate(&ssh->handshake->hash, ssh->k, ssh->kSz);
/* Save the handshake hash value h, and session ID. */
ShaFinal(&ssh->handshake->hash, ssh->h);
wc_ShaFinal(&ssh->handshake->hash, ssh->h);
ssh->hSz = SHA_DIGEST_SIZE;
#ifdef SHOW_MASTER_SECRET
printf("Handshake hash:\n");
DumpOctetString(ssh->h, ssh->hSz);
#endif
if (ssh->sessionIdSz == 0) {
WMEMCPY(ssh->sessionId, ssh->h, ssh->hSz);
ssh->sessionIdSz = ssh->hSz;
@ -2316,17 +2313,17 @@ int SendKexDhReply(WOLFSSH* ssh)
uint8_t encSig[512];
uint32_t encSigSz;
InitSha(&sha);
ShaUpdate(&sha, ssh->h, ssh->hSz);
ShaFinal(&sha, digest);
wc_InitSha(&sha);
wc_ShaUpdate(&sha, ssh->h, ssh->hSz);
wc_ShaFinal(&sha, digest);
encSigSz = EncodeSignature(encSig, digest, sizeof(digest), SHAh);
encSigSz = wc_EncodeSignature(encSig, digest, sizeof(digest), SHAh);
if (encSigSz <= 0) {
WLOG(WS_LOG_DEBUG, "SendKexDhReply: Bad Encode Sig");
}
else {
/* At this point, sigSz should already be sizeof(sig) */
sigSz = RsaSSL_Sign(encSig, encSigSz,
sigSz = wc_RsaSSL_Sign(encSig, encSigSz,
sig, sigSz, &rsaKey, ssh->rng);
if (sigSz <= 0) {
WLOG(WS_LOG_DEBUG, "SendKexDhReply: Bad RSA Sign");
@ -2336,7 +2333,7 @@ int SendKexDhReply(WOLFSSH* ssh)
}
}
}
FreeRsaKey(&rsaKey);
wc_FreeRsaKey(&rsaKey);
sigBlockSz = (LENGTH_SZ * 2) + 7 + sigSz;
GenerateKeys(ssh);
@ -2424,9 +2421,9 @@ int SendNewKeys(WOLFSSH* ssh)
case ID_AES128_CBC:
WLOG(WS_LOG_DEBUG, "SNK: using cipher aes128-cbc");
AesSetKey(&ssh->encryptCipher.aes,
ssh->encKeyServer, ssh->encKeyServerSz,
ssh->ivServer, AES_ENCRYPTION);
wc_AesSetKey(&ssh->encryptCipher.aes,
ssh->encKeyServer, ssh->encKeyServerSz,
ssh->ivServer, AES_ENCRYPTION);
break;
default:
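Review bot: In SendKexDhReply the results of `wc_DhGenerateKeyPair` and `wc_DhAgree` are discarded, so if either call fails the function still hashes `ssh->k` into the exchange hash, signs it and reaches `GenerateKeys(ssh)` with whatever `ssh->k` and `ssh->kSz` held beforehand. Since these calls are being touched anyway, capture the result, e.g. `ret = wc_DhAgree(&dhKey, ssh->k, &ssh->kSz, y, ySz, ssh->handshake->e, ssh->handshake->eSz);` followed by `if (ret != 0)` branching to a cleanup path that calls `wc_FreeDhKey(&dhKey)` and `wc_FreeRsaKey(&rsaKey)` before returning; the existing `return ret;` after `wc_RsaPrivateKeyDecode` skips both frees as well. The same unchecked-return pattern applies to `wc_RNG_GenerateBlock` in the BundlePacket and SendKexInit hunks, where an RNG failure would leave the padding and the cookie as whatever was already in the output buffer, and to `wc_AesSetKey` in the DoNewKeys and SendNewKeys hunks. All of these functions start and end outside the hunks shown, so the cleanup labels and error codes need to be fitted to the surrounding code.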


@ -33,8 +33,8 @@
#include <wolfssh/ssh.h>
#include <wolfssh/internal.h>
#include <wolfssh/log.h>
#include <cyassl/ctaocrypt/rsa.h>
#include <cyassl/ctaocrypt/asn.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifndef min
@ -153,7 +153,7 @@ static WOLFSSH* SshInit(WOLFSSH* ssh, WOLFSSH_CTX* ctx)
}
rng = (RNG*)WMALLOC(sizeof(RNG), ctx->heap, DYNTYPE_RNG);
if (rng == NULL || InitRng(rng) != 0) {
if (rng == NULL || wc_InitRng(rng) != 0) {
wolfSSH_free(ssh);
return NULL;
}
@ -185,7 +185,7 @@ static WOLFSSH* SshInit(WOLFSSH* ssh, WOLFSSH_CTX* ctx)
if (BufferInit(&ssh->inputBuffer, 0, ctx->heap) != WS_SUCCESS ||
BufferInit(&ssh->outputBuffer, 0, ctx->heap) != WS_SUCCESS ||
InitSha(&ssh->handshake->hash) != 0) {
wc_InitSha(&ssh->handshake->hash) != 0) {
wolfSSH_free(ssh);
ssh = NULL;
@ -555,13 +555,13 @@ static int ProcessBuffer(WOLFSSH_CTX* ctx, const uint8_t* in, uint32_t inSz,
RsaKey key;
uint32_t scratch = 0;
if (InitRsaKey(&key, NULL) < 0)
if (wc_InitRsaKey(&key, NULL) < 0)
return WS_RSA_E;
if (RsaPrivateKeyDecode(der, &scratch, &key, derSz) < 0)
if (wc_RsaPrivateKeyDecode(der, &scratch, &key, derSz) < 0)
return WS_BAD_FILE_E;
FreeRsaKey(&key);
wc_FreeRsaKey(&key);
}
return WS_SUCCESS;
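Review bot: In the ProcessBuffer hunk the `return WS_BAD_FILE_E;` taken when `wc_RsaPrivateKeyDecode` fails leaves the function without calling `wc_FreeRsaKey(&key)`, so whatever the decoder allocated for a partially parsed private key stays allocated. Release the key on that path too: `if (wc_RsaPrivateKeyDecode(der, &scratch, &key, derSz) < 0) { wc_FreeRsaKey(&key); return WS_BAD_FILE_E; }`. ProcessBuffer begins outside the hunk, so whether `der` also needs releasing on this path cannot be judged from here. In the second SshInit hunk, `BufferInit` and `wc_InitSha` are chained with `||`, which presumably relies on `wolfSSH_free` coping with a partly initialised `ssh`; a short comment saying so would help the next reader.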


@ -30,11 +30,11 @@
#pragma once
#include <wolfssh/ssh.h>
#include <cyassl/options.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/dh.h>
#include <cyassl/ctaocrypt/aes.h>
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/dh.h>
#include <wolfssl/wolfcrypt/aes.h>
#if !defined (ALIGN16)