diff --git a/src/internal.c b/src/internal.c index a1b5f801..4babb7b1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -34,9 +34,9 @@ #include #include #include -#include -#include -#include +#include +#include +#include /* convert opaque to 32 bit integer */ @@ -997,9 +997,9 @@ static int DoNewKeys(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx) case ID_AES128_CBC: WLOG(WS_LOG_DEBUG, "DNK: peer using cipher aes128-cbc"); - AesSetKey(&ssh->decryptCipher.aes, - ssh->encKeyClient, ssh->encKeyClientSz, - ssh->ivClient, AES_DECRYPTION); + wc_AesSetKey(&ssh->decryptCipher.aes, + ssh->encKeyClient, ssh->encKeyClientSz, + ssh->ivClient, AES_DECRYPTION); break; default: 
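Review bot: The return value of `wc_AesSetKey` is discarded in the `ID_AES128_CBC` case of DoNewKeys, so a failed key setup leaves `ssh->decryptCipher.aes` unkeyed while the handshake carries on as if decryption were ready. Test the call, e.g. `if (wc_AesSetKey(&ssh->decryptCipher.aes, ssh->encKeyClient, ssh->encKeyClientSz, ssh->ivClient, AES_DECRYPTION) != 0)`, and fail the NEWKEYS step with an error in the file's WS_* convention. The same applies to the `AES_ENCRYPTION` call in the SendNewKeys hunk. DoNewKeys starts and ends outside this hunk, so how the result would be propagated is not visible here.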
@@ -1043,47 +1043,47 @@ int GenerateKey(uint8_t hashId, uint8_t keyId, blocks = keySz / SHA_DIGEST_SIZE; remainder = keySz % SHA_DIGEST_SIZE; - InitSha(&sha); - ShaUpdate(&sha, kSzFlat, LENGTH_SZ); - if (kPad) ShaUpdate(&sha, &pad, 1); - ShaUpdate(&sha, k, kSz); - ShaUpdate(&sha, h, hSz); - ShaUpdate(&sha, &keyId, sizeof(keyId)); - ShaUpdate(&sha, sessionId, sessionIdSz); + wc_InitSha(&sha); + wc_ShaUpdate(&sha, kSzFlat, LENGTH_SZ); + if (kPad) wc_ShaUpdate(&sha, &pad, 1); + wc_ShaUpdate(&sha, k, kSz); + wc_ShaUpdate(&sha, h, hSz); + wc_ShaUpdate(&sha, &keyId, sizeof(keyId)); + wc_ShaUpdate(&sha, sessionId, sessionIdSz); if (blocks == 0) { if (remainder > 0) { uint8_t lastBlock[SHA_DIGEST_SIZE]; - ShaFinal(&sha, lastBlock); + wc_ShaFinal(&sha, lastBlock); WMEMCPY(key, lastBlock, remainder); } } else { uint32_t runningKeySz, curBlock; - ShaFinal(&sha, key); + wc_ShaFinal(&sha, key); runningKeySz = SHA_DIGEST_SIZE; for (curBlock = 1; curBlock < blocks; curBlock++) { - InitSha(&sha); - ShaUpdate(&sha, kSzFlat, LENGTH_SZ); - if (kPad) ShaUpdate(&sha, &pad, 1); - ShaUpdate(&sha, k, kSz); - ShaUpdate(&sha, h, hSz); - ShaUpdate(&sha, key, runningKeySz); - ShaFinal(&sha, key + runningKeySz); + wc_InitSha(&sha); + wc_ShaUpdate(&sha, kSzFlat, LENGTH_SZ); + if (kPad) wc_ShaUpdate(&sha, &pad, 1); + wc_ShaUpdate(&sha, k, kSz); + wc_ShaUpdate(&sha, h, hSz); + wc_ShaUpdate(&sha, key, runningKeySz); + wc_ShaFinal(&sha, key + runningKeySz); runningKeySz += SHA_DIGEST_SIZE; } if (remainder > 0) { uint8_t lastBlock[SHA_DIGEST_SIZE]; - InitSha(&sha); - ShaUpdate(&sha, kSzFlat, LENGTH_SZ); - if (kPad) ShaUpdate(&sha, &pad, 1); - ShaUpdate(&sha, k, kSz); - ShaUpdate(&sha, h, hSz); - ShaUpdate(&sha, key, runningKeySz); - ShaFinal(&sha, lastBlock); + wc_InitSha(&sha); + wc_ShaUpdate(&sha, kSzFlat, LENGTH_SZ); + if (kPad) wc_ShaUpdate(&sha, &pad, 1); + wc_ShaUpdate(&sha, k, kSz); + wc_ShaUpdate(&sha, h, hSz); + wc_ShaUpdate(&sha, key, runningKeySz); + wc_ShaFinal(&sha, lastBlock); 
WMEMCPY(key + runningKeySz, lastBlock, remainder); } } @@ -1671,9 +1671,9 @@ static int DoPacket(WOLFSSH* ssh) WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXINIT"); c32toa(payloadSz + sizeof(msg), scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); - ShaUpdate(&ssh->handshake->hash, &msg, sizeof(msg)); - ShaUpdate(&ssh->handshake->hash, buf + idx, payloadSz); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, &msg, sizeof(msg)); + wc_ShaUpdate(&ssh->handshake->hash, buf + idx, payloadSz); DoKexInit(ssh, buf, payloadSz, &idx); } break; @@ -1760,8 +1760,11 @@ static INLINE int Encrypt(WOLFSSH* ssh, uint8_t* cipher, const uint8_t* input, break; case ID_AES128_CBC: - if (AesCbcEncrypt(&ssh->encryptCipher.aes, cipher, input, sz) < 0) + if (wc_AesCbcEncrypt(&ssh->encryptCipher.aes, + cipher, input, sz) < 0) { + ret = WS_ENCRYPT_E; + } break; default: @@ -1789,8 +1792,11 @@ static INLINE int Decrypt(WOLFSSH* ssh, uint8_t* plain, const uint8_t* input, break; case ID_AES128_CBC: - if (AesCbcDecrypt(&ssh->decryptCipher.aes, plain, input, sz) < 0) + if (wc_AesCbcDecrypt(&ssh->decryptCipher.aes, + plain, input, sz) < 0) { + ret = WS_DECRYPT_E; + } break; default: @@ -1822,10 +1828,11 @@ static INLINE int CreateMac(WOLFSSH* ssh, const uint8_t* in, uint32_t inSz, Hmac hmac; uint8_t digest[SHA_DIGEST_SIZE]; - HmacSetKey(&hmac, SHA, ssh->macKeyServer, ssh->macKeyServerSz); - HmacUpdate(&hmac, flatSeq, sizeof(flatSeq)); - HmacUpdate(&hmac, in, inSz); - HmacFinal(&hmac, digest); + wc_HmacSetKey(&hmac, SHA, + ssh->macKeyServer, ssh->macKeyServerSz); + wc_HmacUpdate(&hmac, flatSeq, sizeof(flatSeq)); + wc_HmacUpdate(&hmac, in, inSz); + wc_HmacFinal(&hmac, digest); WMEMCPY(mac, digest, SHA1_96_SZ); } break; 
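Review bot: None of the `wc_HmacSetKey`/`wc_HmacUpdate`/`wc_HmacFinal` calls in CreateMac have their result checked, and the same pattern repeats in the second CreateMac hunk and in the VerifyMac hunk. It matters most in VerifyMac: if an HMAC step fails, `checkMac` may still hold stale stack data when `ConstantCompare` runs, so the check should fail closed, for example `if (wc_HmacSetKey(&hmac, SHA, ssh->macKeyClient, ssh->macKeyClientSz) != 0) ret = WS_VERIFY_MAC_E;` and likewise for the update and final calls. CreateMac should report an error rather than copy out a MAC from a digest that was never completed. Both functions extend beyond the hunks shown.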
@@ -1834,10 +1841,11 @@ static INLINE int CreateMac(WOLFSSH* ssh, const uint8_t* in, uint32_t inSz, { Hmac hmac; - HmacSetKey(&hmac, SHA, ssh->macKeyServer, ssh->macKeyServerSz); - HmacUpdate(&hmac, flatSeq, sizeof(flatSeq)); - HmacUpdate(&hmac, in, inSz); - HmacFinal(&hmac, mac); + wc_HmacSetKey(&hmac, SHA, + ssh->macKeyServer, ssh->macKeyServerSz); + wc_HmacUpdate(&hmac, flatSeq, sizeof(flatSeq)); + wc_HmacUpdate(&hmac, in, inSz); + wc_HmacFinal(&hmac, mac); } break; @@ -1871,10 +1879,10 @@ static INLINE int VerifyMac(WOLFSSH* ssh, const uint8_t* in, uint32_t inSz, case ID_HMAC_SHA1: case ID_HMAC_SHA1_96: - HmacSetKey(&hmac, SHA, ssh->macKeyClient, ssh->macKeyClientSz); - HmacUpdate(&hmac, flatSeq, sizeof(flatSeq)); - HmacUpdate(&hmac, in, inSz); - HmacFinal(&hmac, checkMac); + wc_HmacSetKey(&hmac, SHA, ssh->macKeyClient, ssh->macKeyClientSz); + wc_HmacUpdate(&hmac, flatSeq, sizeof(flatSeq)); + wc_HmacUpdate(&hmac, in, inSz); + wc_HmacFinal(&hmac, checkMac); if (ConstantCompare(checkMac, mac, ssh->peerMacSz) != 0) ret = WS_VERIFY_MAC_E; break; @@ -2003,8 +2011,8 @@ int ProcessClientVersion(WOLFSSH* ssh) } c32toa(ssh->inputBuffer.length - 2, scratch); - ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ); - ShaUpdate(&ssh->handshake->hash, ssh->inputBuffer.buffer, + wc_ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, ssh->inputBuffer.buffer, ssh->inputBuffer.length - 2); ssh->inputBuffer.idx += ssh->inputBuffer.length; @@ -2021,8 +2029,8 @@ int SendServerVersion(WOLFSSH* ssh) SendText(ssh, sshIdStr, (uint32_t)WSTRLEN(sshIdStr)); sshIdStrSz -= 2; /* Remove the CRLF */ c32toa(sshIdStrSz, scratch); - ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ); - ShaUpdate(&ssh->handshake->hash, (const uint8_t*)sshIdStr, sshIdStrSz); + wc_ShaUpdate(&ssh->handshake->hash, scratch, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, (const uint8_t*)sshIdStr, sshIdStrSz); return WS_SUCCESS; } 
@@ -2078,7 +2086,7 @@ static int BundlePacket(WOLFSSH* ssh) if (ssh->encryptId == ID_NONE) WMEMSET(output + idx, 0, paddingSz); else - RNG_GenerateBlock(ssh->rng, output + idx, paddingSz); + wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz); idx += paddingSz; CreateMac(ssh, ssh->outputBuffer.buffer + ssh->packetStartIdx, @@ -2146,7 +2154,7 @@ int SendKexInit(WOLFSSH* ssh) output[idx++] = MSGID_KEXINIT; - RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ); + wc_RNG_GenerateBlock(ssh->rng, output + idx, COOKIE_SZ); idx += COOKIE_SZ; CopyNameList(output, &idx, cannedKexAlgoNames, cannedKexAlgoNamesSz); @@ -2170,9 +2178,9 @@ int SendKexInit(WOLFSSH* ssh) { uint8_t scratchLen[LENGTH_SZ]; c32toa(payloadSz, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); } - ShaUpdate(&ssh->handshake->hash, payload, payloadSz); + wc_ShaUpdate(&ssh->handshake->hash, payload, payloadSz); BundlePacket(ssh); SendBuffered(ssh); @@ -2211,17 +2219,17 @@ int SendKexDhReply(WOLFSSH* ssh) uint32_t idx; int ret; - InitDhKey(&dhKey); + wc_InitDhKey(&dhKey); switch (ssh->handshake->kexId) { case ID_DH_GROUP1_SHA1: - DhSetKey(&dhKey, dhPrimeGroup1, dhPrimeGroup1Sz, - dhGenerator, dhGeneratorSz); + wc_DhSetKey(&dhKey, dhPrimeGroup1, dhPrimeGroup1Sz, + dhGenerator, dhGeneratorSz); break; case ID_DH_GROUP14_SHA1: - DhSetKey(&dhKey, dhPrimeGroup14, dhPrimeGroup14Sz, - dhGenerator, dhGeneratorSz); + wc_DhSetKey(&dhKey, dhPrimeGroup14, dhPrimeGroup14Sz, + dhGenerator, dhGeneratorSz); break; default: 
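Review bot: The result of `wc_RNG_GenerateBlock` is ignored in BundlePacket, so if the generator fails the padding bytes keep whatever was already in the output buffer and are sent anyway. Check it, e.g. `if (wc_RNG_GenerateBlock(ssh->rng, output + idx, paddingSz) != 0)`, and abort the packet with an error instead of continuing to CreateMac. The KEXINIT cookie in the SendKexInit hunk has the same unchecked call and should get the same treatment. BundlePacket starts and ends outside this hunk.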
@@ -2229,81 +2237,70 @@ int SendKexDhReply(WOLFSSH* ssh) } /* Hash in the server's RSA key. */ - InitRsaKey(&rsaKey, ssh->ctx->heap); - ret = RsaPrivateKeyDecode(ssh->ctx->privateKey, &scratch, - &rsaKey, (int)ssh->ctx->privateKeySz); + wc_InitRsaKey(&rsaKey, ssh->ctx->heap); + ret = wc_RsaPrivateKeyDecode(ssh->ctx->privateKey, &scratch, + &rsaKey, (int)ssh->ctx->privateKeySz); if (ret < 0) return ret; - RsaFlattenPublicKey(&rsaKey, rsaE, &rsaESz, rsaN, &rsaNSz); + wc_RsaFlattenPublicKey(&rsaKey, rsaE, &rsaESz, rsaN, &rsaNSz); if (rsaE[0] & 0x80) rsaEPad = 1; if (rsaN[0] & 0x80) rsaNPad = 1; rsaKeyBlockSz = (LENGTH_SZ * 3) + 7 + rsaESz + rsaEPad + rsaNSz + rsaNPad; /* The 7 is for the name "ssh-rsa". */ c32toa(rsaKeyBlockSz, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); c32toa(7, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); - ShaUpdate(&ssh->handshake->hash, (const uint8_t*)"ssh-rsa", 7); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, (const uint8_t*)"ssh-rsa", 7); c32toa(rsaESz + rsaEPad, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); if (rsaEPad) { scratchLen[0] = 0; - ShaUpdate(&ssh->handshake->hash, scratchLen, 1); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1); } - ShaUpdate(&ssh->handshake->hash, rsaE, rsaESz); + wc_ShaUpdate(&ssh->handshake->hash, rsaE, rsaESz); c32toa(rsaNSz + rsaNPad, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); if (rsaNPad) { scratchLen[0] = 0; - ShaUpdate(&ssh->handshake->hash, scratchLen, 1); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1); } - ShaUpdate(&ssh->handshake->hash, rsaN, rsaNSz); + wc_ShaUpdate(&ssh->handshake->hash, rsaN, rsaNSz); /* Hash in the client's DH e-value. 
*/ c32toa(ssh->handshake->eSz, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); - ShaUpdate(&ssh->handshake->hash, ssh->handshake->e, ssh->handshake->eSz); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, ssh->handshake->e, ssh->handshake->eSz); /* Make the server's DH f-value, and the shared secret k. */ - DhGenerateKeyPair(&dhKey, ssh->rng, y, &ySz, f, &fSz); + wc_DhGenerateKeyPair(&dhKey, ssh->rng, y, &ySz, f, &fSz); if (f[0] & 0x80) fPad = 1; - DhAgree(&dhKey, - ssh->k, &ssh->kSz, - y, ySz, - ssh->handshake->e, ssh->handshake->eSz); + wc_DhAgree(&dhKey, ssh->k, &ssh->kSz, y, ySz, + ssh->handshake->e, ssh->handshake->eSz); if (ssh->k[0] & 0x80) kPad = 1; - FreeDhKey(&dhKey); - -#ifdef SHOW_MASTER_SECRET - printf("Master secret:\n"); - DumpOctetString(ssh->k, ssh->kSz); -#endif + wc_FreeDhKey(&dhKey); /* Hash in the server's DH f-value. */ c32toa(fSz + fPad, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); if (fPad) { scratchLen[0] = 0; - ShaUpdate(&ssh->handshake->hash, scratchLen, 1); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1); } - ShaUpdate(&ssh->handshake->hash, f, fSz); + wc_ShaUpdate(&ssh->handshake->hash, f, fSz); /* Hash in the shared secret k. */ c32toa(ssh->kSz + kPad, scratchLen); - ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, LENGTH_SZ); if (kPad) { scratchLen[0] = 0; - ShaUpdate(&ssh->handshake->hash, scratchLen, 1); + wc_ShaUpdate(&ssh->handshake->hash, scratchLen, 1); } - ShaUpdate(&ssh->handshake->hash, ssh->k, ssh->kSz); + wc_ShaUpdate(&ssh->handshake->hash, ssh->k, ssh->kSz); /* Save the handshake hash value h, and session ID. 
*/ - ShaFinal(&ssh->handshake->hash, ssh->h); + wc_ShaFinal(&ssh->handshake->hash, ssh->h); ssh->hSz = SHA_DIGEST_SIZE; -#ifdef SHOW_MASTER_SECRET - printf("Handshake hash:\n"); - DumpOctetString(ssh->h, ssh->hSz); -#endif if (ssh->sessionIdSz == 0) { WMEMCPY(ssh->sessionId, ssh->h, ssh->hSz); ssh->sessionIdSz = ssh->hSz; @@ -2316,17 +2313,17 @@ int SendKexDhReply(WOLFSSH* ssh) uint8_t encSig[512]; uint32_t encSigSz; - InitSha(&sha); - ShaUpdate(&sha, ssh->h, ssh->hSz); - ShaFinal(&sha, digest); + wc_InitSha(&sha); + wc_ShaUpdate(&sha, ssh->h, ssh->hSz); + wc_ShaFinal(&sha, digest); - encSigSz = EncodeSignature(encSig, digest, sizeof(digest), SHAh); + encSigSz = wc_EncodeSignature(encSig, digest, sizeof(digest), SHAh); if (encSigSz <= 0) { WLOG(WS_LOG_DEBUG, "SendKexDhReply: Bad Encode Sig"); } else { /* At this point, sigSz should already be sizeof(sig) */ - sigSz = RsaSSL_Sign(encSig, encSigSz, + sigSz = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, &rsaKey, ssh->rng); if (sigSz <= 0) { WLOG(WS_LOG_DEBUG, "SendKexDhReply: Bad RSA Sign"); @@ -2336,7 +2333,7 @@ int SendKexDhReply(WOLFSSH* ssh) } } } - FreeRsaKey(&rsaKey); + wc_FreeRsaKey(&rsaKey); sigBlockSz = (LENGTH_SZ * 2) + 7 + sigSz; GenerateKeys(ssh); @@ -2424,9 +2421,9 @@ int SendNewKeys(WOLFSSH* ssh) case ID_AES128_CBC: WLOG(WS_LOG_DEBUG, "SNK: using cipher aes128-cbc"); - AesSetKey(&ssh->encryptCipher.aes, - ssh->encKeyServer, ssh->encKeyServerSz, - ssh->ivServer, AES_ENCRYPTION); + wc_AesSetKey(&ssh->encryptCipher.aes, + ssh->encKeyServer, ssh->encKeyServerSz, + ssh->ivServer, AES_ENCRYPTION); break; default: diff --git a/src/ssh.c b/src/ssh.c index d29d0d0f..c8ab078e 100644 --- a/src/ssh.c +++ b/src/ssh.c @@ -33,8 +33,8 @@ #include #include #include -#include -#include +#include +#include #ifndef min 
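Review bot: The results of `wc_DhGenerateKeyPair` and `wc_DhAgree` are discarded in SendKexDhReply, so a failed key generation or agreement leaves `ssh->k`/`ssh->kSz` in whatever state they had, and that value is then hashed into the exchange hash and used for key derivation. Both returns should go through `ret`, and the function should stop before the "Hash in the server's DH f-value" step when either fails. The earlier `if (ret < 0) return ret;` after `wc_RsaPrivateKeyDecode` also returns without `wc_FreeRsaKey(&rsaKey)` or `wc_FreeDhKey(&dhKey)`, although both were initialised by then. The function starts and ends outside this hunk.

```c
/* ... unchanged: hashing of the RSA key block and the client's e-value ... */
    ret = wc_DhGenerateKeyPair(&dhKey, ssh->rng, y, &ySz, f, &fSz);
    if (ret == 0) {
        if (f[0] & 0x80) fPad = 1;
        ret = wc_DhAgree(&dhKey, ssh->k, &ssh->kSz, y, ySz,
                         ssh->handshake->e, ssh->handshake->eSz);
    }
    wc_FreeDhKey(&dhKey);
    if (ret != 0) {
        /* do not hash or derive keys from an unset shared secret */
        wc_FreeRsaKey(&rsaKey);
        return ret;
    }
    if (ssh->k[0] & 0x80) kPad = 1;
/* ... unchanged: hashing of f and k, wc_ShaFinal into ssh->h ... */
```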
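Review bot: `encSigSz <= 0` can only catch zero because `encSigSz` is declared `uint32_t` just above, and both failure branches only log at debug level. If `sigSz` is also unsigned (its declaration is outside the hunk), a negative error from `wc_RsaSSL_Sign` would pass the `sigSz <= 0` test and flow into `sigBlockSz = (LENGTH_SZ * 2) + 7 + sigSz;` in the next hunk. Take the signing result in a signed temporary, e.g. `int signRet = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, &rsaKey, ssh->rng);` then `if (signRet <= 0)`, and return an error rather than continuing to build the reply. Three lines between this hunk and the next are not shown, so the failure may already be recorded in some way there.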
@@ -153,7 +153,7 @@ static WOLFSSH* SshInit(WOLFSSH* ssh, WOLFSSH_CTX* ctx) } rng = (RNG*)WMALLOC(sizeof(RNG), ctx->heap, DYNTYPE_RNG); - if (rng == NULL || InitRng(rng) != 0) { + if (rng == NULL || wc_InitRng(rng) != 0) { wolfSSH_free(ssh); return NULL; } @@ -185,7 +185,7 @@ static WOLFSSH* SshInit(WOLFSSH* ssh, WOLFSSH_CTX* ctx) if (BufferInit(&ssh->inputBuffer, 0, ctx->heap) != WS_SUCCESS || BufferInit(&ssh->outputBuffer, 0, ctx->heap) != WS_SUCCESS || - InitSha(&ssh->handshake->hash) != 0) { + wc_InitSha(&ssh->handshake->hash) != 0) { wolfSSH_free(ssh); ssh = NULL; @@ -555,13 +555,13 @@ static int ProcessBuffer(WOLFSSH_CTX* ctx, const uint8_t* in, uint32_t inSz, RsaKey key; uint32_t scratch = 0; - if (InitRsaKey(&key, NULL) < 0) + if (wc_InitRsaKey(&key, NULL) < 0) return WS_RSA_E; - if (RsaPrivateKeyDecode(der, &scratch, &key, derSz) < 0) + if (wc_RsaPrivateKeyDecode(der, &scratch, &key, derSz) < 0) return WS_BAD_FILE_E; - FreeRsaKey(&key); + wc_FreeRsaKey(&key); } return WS_SUCCESS; diff --git a/wolfssh/internal.h b/wolfssh/internal.h index 92d6f5fd..ed696659 100644 --- a/wolfssh/internal.h +++ b/wolfssh/internal.h @@ -30,11 +30,11 @@ #pragma once #include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include #if !defined (ALIGN16)
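Review bot: In the ProcessBuffer hunk, the `return WS_BAD_FILE_E;` taken when `wc_RsaPrivateKeyDecode` fails skips `wc_FreeRsaKey(&key)`, so whatever the decoder allocated or partially parsed into `key` is left behind on the rejected-key path. Free it before returning, e.g. `if (wc_RsaPrivateKeyDecode(der, &scratch, &key, derSz) < 0) { wc_FreeRsaKey(&key); return WS_BAD_FILE_E; }`. The surrounding function starts outside the hunk, so any earlier allocation of `der` that would also need releasing on this path is not visible.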