mirror of https://github.com/wolfSSL/wolfssh.git
RFC 8332
1. Add server auth support for RSA signing with SHA2-256 and SHA2-512.pull/517/head
John Safranek
parent
f41135dbd9
commit
826a045bf4
18
src/agent.c
18
src/agent.c
|
|
@ -668,8 +668,8 @@ static WOLFSSH_AGENT_ID* FindKeyId(WOLFSSH_AGENT_ID* id,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#if !defined(WOLFSSH_NO_SSH_RSA_SHA2_256) || \
|
#if !defined(WOLFSSH_NO_RSA_SHA2_256) || \
|
||||||
!defined(WOLFSSH_NO_SSH_RSA_SHA2_512)
|
!defined(WOLFSSH_NO_RSA_SHA2_512)
|
||||||
|
|
||||||
static int SignHashRsa(WOLFSSH_AGENT_KEY_RSA* rawKey, enum wc_HashType hashType,
|
static int SignHashRsa(WOLFSSH_AGENT_KEY_RSA* rawKey, enum wc_HashType hashType,
|
||||||
const byte* digest, word32 digestSz, byte* sig, word32* sigSz,
|
const byte* digest, word32 digestSz, byte* sig, word32* sigSz,
|
||||||
|
|
@ -710,7 +710,7 @@ static int SignHashRsa(WOLFSSH_AGENT_KEY_RSA* rawKey, enum wc_HashType hashType,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* WOLFSSH_NO_SSH_RSA_SHA2_256/512 */
|
#endif /* WOLFSSH_NO_RSA_SHA2_256/512 */
|
||||||
|
|
||||||
|
|
||||||
#if !defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) || \
|
#if !defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) || \
|
||||||
|
|
@ -804,16 +804,16 @@ static int PostSignRequest(WOLFSSH_AGENT_CTX* agent,
|
||||||
|
|
||||||
if (ret == WS_SUCCESS) {
|
if (ret == WS_SUCCESS) {
|
||||||
switch (id->keyType) {
|
switch (id->keyType) {
|
||||||
#if !defined(WOLFSSH_NO_SSH_RSA_SHA2_256) || \
|
#if !defined(WOLFSSH_NO_RSA_SHA2_256) || \
|
||||||
!defined(WOLFSSH_NO_SSH_RSA_SHA2_512)
|
!defined(WOLFSSH_NO_RSA_SHA2_512)
|
||||||
case ID_SSH_RSA:
|
case ID_SSH_RSA:
|
||||||
signRsa = 1;
|
signRsa = 1;
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA2_256
|
#ifndef WOLFSSH_NO_RSA_SHA2_256
|
||||||
if (flags & AGENT_SIGN_RSA_SHA2_256)
|
if (flags & AGENT_SIGN_RSA_SHA2_256)
|
||||||
hashType = WC_HASH_TYPE_SHA256;
|
hashType = WC_HASH_TYPE_SHA256;
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA2_512
|
#ifndef WOLFSSH_NO_RSA_SHA2_512
|
||||||
if (flags & AGENT_SIGN_RSA_SHA2_512)
|
if (flags & AGENT_SIGN_RSA_SHA2_512)
|
||||||
hashType = WC_HASH_TYPE_SHA512;
|
hashType = WC_HASH_TYPE_SHA512;
|
||||||
else
|
else
|
||||||
|
|
@ -854,8 +854,8 @@ static int PostSignRequest(WOLFSSH_AGENT_CTX* agent,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == WS_SUCCESS) {
|
if (ret == WS_SUCCESS) {
|
||||||
#if !defined(WOLFSSH_NO_SSH_RSA_SHA2_256) || \
|
#if !defined(WOLFSSH_NO_RSA_SHA2_256) || \
|
||||||
!defined(WOLFSSH_NO_SSH_RSA_SHA2_512)
|
!defined(WOLFSSH_NO_RSA_SHA2_512)
|
||||||
if (signRsa)
|
if (signRsa)
|
||||||
ret = SignHashRsa(&id->key.rsa, hashType,
|
ret = SignHashRsa(&id->key.rsa, hashType,
|
||||||
digest, digestSz, sig, &sigSz, &agent->rng, agent->heap);
|
digest, digestSz, sig, &sigSz, &agent->rng, agent->heap);
|
||||||
|
|
|
||||||
932
src/internal.c
932
src/internal.c
File diff suppressed because it is too large
Load Diff
78
tests/api.c
78
tests/api.c
|
|
@ -283,7 +283,7 @@ static const char serverKeyEccDer[] =
|
||||||
static const byte serverKeyEccCurveId = ID_ECDSA_SHA2_NISTP521;
|
static const byte serverKeyEccCurveId = ID_ECDSA_SHA2_NISTP521;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
#ifndef WOLFSSH_NO_RSA
|
||||||
static const char serverKeyRsaDer[] =
|
static const char serverKeyRsaDer[] =
|
||||||
"308204a30201000282010100da5dad2514761559f340fd3cb86230b36dc0f9ec"
|
"308204a30201000282010100da5dad2514761559f340fd3cb86230b36dc0f9ec"
|
||||||
"ec8b831e9e429cca416ad38ae15234e00d13627ed40fae5c4d04f18dfac5ad77"
|
"ec8b831e9e429cca416ad38ae15234e00d13627ed40fae5c4d04f18dfac5ad77"
|
||||||
|
|
@ -330,13 +330,11 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
|
||||||
{
|
{
|
||||||
#ifndef WOLFSSH_NO_SERVER
|
#ifndef WOLFSSH_NO_SERVER
|
||||||
WOLFSSH_CTX* ctx;
|
WOLFSSH_CTX* ctx;
|
||||||
#if !defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) || \
|
#ifndef WOLFSSH_NO_ECDSA
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) || \
|
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
|
||||||
byte* eccKey;
|
byte* eccKey;
|
||||||
word32 eccKeySz;
|
word32 eccKeySz;
|
||||||
#endif
|
#endif
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
#ifndef WOLFSSH_NO_RSA
|
||||||
byte* rsaKey;
|
byte* rsaKey;
|
||||||
word32 rsaKeySz;
|
word32 rsaKeySz;
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -344,16 +342,14 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
|
||||||
word32 lastKeySz = 0;
|
word32 lastKeySz = 0;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
#if !defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) || \
|
#ifndef WOLFSSH_NO_ECC
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) || \
|
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
|
||||||
AssertIntEQ(0,
|
AssertIntEQ(0,
|
||||||
ConvertHexToBin(serverKeyEccDer, &eccKey, &eccKeySz,
|
ConvertHexToBin(serverKeyEccDer, &eccKey, &eccKeySz,
|
||||||
NULL, NULL, NULL,
|
NULL, NULL, NULL,
|
||||||
NULL, NULL, NULL,
|
NULL, NULL, NULL,
|
||||||
NULL, NULL, NULL));
|
NULL, NULL, NULL));
|
||||||
#endif
|
#endif
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
#ifndef WOLFSSH_NO_RSA
|
||||||
AssertIntEQ(0,
|
AssertIntEQ(0,
|
||||||
ConvertHexToBin(serverKeyRsaDer, &rsaKey, &rsaKeySz,
|
ConvertHexToBin(serverKeyRsaDer, &rsaKey, &rsaKeySz,
|
||||||
NULL, NULL, NULL,
|
NULL, NULL, NULL,
|
||||||
|
|
@ -363,85 +359,85 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
|
||||||
|
|
||||||
AssertNotNull(ctx = wolfSSH_CTX_new(WOLFSSH_ENDPOINT_SERVER, NULL));
|
AssertNotNull(ctx = wolfSSH_CTX_new(WOLFSSH_ENDPOINT_SERVER, NULL));
|
||||||
for (i = 0; i < WOLFSSH_MAX_PVT_KEYS; i++) {
|
for (i = 0; i < WOLFSSH_MAX_PVT_KEYS; i++) {
|
||||||
AssertNull(ctx->privateKey[i]);
|
AssertNull(ctx->privateKey[i].key);
|
||||||
AssertIntEQ(0, ctx->privateKeySz[i]);
|
AssertIntEQ(0, ctx->privateKey[i].keySz);
|
||||||
AssertIntEQ(ID_NONE, ctx->privateKeyId[i]);
|
AssertIntEQ(ID_NONE, ctx->privateKey[i].publicKeyFmt);
|
||||||
}
|
}
|
||||||
AssertIntEQ(0, ctx->privateKeyCount);
|
AssertIntEQ(0, ctx->privateKeyCount);
|
||||||
|
|
||||||
/* Fail: all NULL/BAD */
|
/* Fail: all NULL/BAD */
|
||||||
AssertIntNE(WS_SUCCESS,
|
AssertIntNE(WS_SUCCESS,
|
||||||
wolfSSH_CTX_UsePrivateKey_buffer(NULL, NULL, 0, TEST_BAD_FORMAT_NEXT));
|
wolfSSH_CTX_UsePrivateKey_buffer(NULL, NULL, 0, TEST_BAD_FORMAT_NEXT));
|
||||||
AssertNull(ctx->privateKey[0]);
|
AssertNull(ctx->privateKey[0].key);
|
||||||
AssertIntEQ(0, ctx->privateKeySz[0]);
|
AssertIntEQ(0, ctx->privateKey[0].keySz);
|
||||||
AssertIntEQ(ID_NONE, ctx->privateKeyId[0]);
|
AssertIntEQ(ID_NONE, ctx->privateKey[0].publicKeyFmt);
|
||||||
AssertIntEQ(0, ctx->privateKeyCount);
|
AssertIntEQ(0, ctx->privateKeyCount);
|
||||||
|
|
||||||
/* Fail: ctx set, others NULL/bad */
|
/* Fail: ctx set, others NULL/bad */
|
||||||
AssertIntNE(WS_SUCCESS,
|
AssertIntNE(WS_SUCCESS,
|
||||||
wolfSSH_CTX_UsePrivateKey_buffer(ctx, NULL, 0, TEST_BAD_FORMAT_NEXT));
|
wolfSSH_CTX_UsePrivateKey_buffer(ctx, NULL, 0, TEST_BAD_FORMAT_NEXT));
|
||||||
AssertNull(ctx->privateKey[0]);
|
AssertNull(ctx->privateKey[0].key);
|
||||||
AssertIntEQ(0, ctx->privateKeySz[0]);
|
AssertIntEQ(0, ctx->privateKey[0].keySz);
|
||||||
AssertIntEQ(ID_NONE, ctx->privateKeyId[0]);
|
AssertIntEQ(ID_NONE, ctx->privateKey[0].publicKeyFmt);
|
||||||
AssertIntEQ(0, ctx->privateKeyCount);
|
AssertIntEQ(0, ctx->privateKeyCount);
|
||||||
|
|
||||||
/* Fail: ctx set, key set, others bad */
|
/* Fail: ctx set, key set, others bad */
|
||||||
AssertIntNE(WS_SUCCESS,
|
AssertIntNE(WS_SUCCESS,
|
||||||
wolfSSH_CTX_UsePrivateKey_buffer(ctx,
|
wolfSSH_CTX_UsePrivateKey_buffer(ctx,
|
||||||
lastKey, 0, TEST_BAD_FORMAT_NEXT));
|
lastKey, 0, TEST_BAD_FORMAT_NEXT));
|
||||||
AssertNull(ctx->privateKey[0]);
|
AssertNull(ctx->privateKey[0].key);
|
||||||
AssertIntEQ(0, ctx->privateKeySz[0]);
|
AssertIntEQ(0, ctx->privateKey[0].keySz);
|
||||||
AssertIntEQ(ID_NONE, ctx->privateKeyId[0]);
|
AssertIntEQ(ID_NONE, ctx->privateKey[0].publicKeyFmt);
|
||||||
AssertIntEQ(0, ctx->privateKeyCount);
|
AssertIntEQ(0, ctx->privateKeyCount);
|
||||||
|
|
||||||
/* Fail: ctx set, keySz set, others NULL/bad */
|
/* Fail: ctx set, keySz set, others NULL/bad */
|
||||||
AssertIntNE(WS_SUCCESS,
|
AssertIntNE(WS_SUCCESS,
|
||||||
wolfSSH_CTX_UsePrivateKey_buffer(ctx, NULL, 1, TEST_BAD_FORMAT_NEXT));
|
wolfSSH_CTX_UsePrivateKey_buffer(ctx, NULL, 1, TEST_BAD_FORMAT_NEXT));
|
||||||
AssertNull(ctx->privateKey[0]);
|
AssertNull(ctx->privateKey[0].key);
|
||||||
AssertIntEQ(0, ctx->privateKeySz[0]);
|
AssertIntEQ(0, ctx->privateKey[0].keySz);
|
||||||
AssertIntEQ(ID_NONE, ctx->privateKeyId[0]);
|
AssertIntEQ(ID_NONE, ctx->privateKey[0].publicKeyFmt);
|
||||||
AssertIntEQ(0, ctx->privateKeyCount);
|
AssertIntEQ(0, ctx->privateKeyCount);
|
||||||
|
|
||||||
/* Fail: ctx set, key set, keySz set, format invalid */
|
/* Fail: ctx set, key set, keySz set, format invalid */
|
||||||
AssertIntNE(WS_SUCCESS, wolfSSH_CTX_UsePrivateKey_buffer(ctx,
|
AssertIntNE(WS_SUCCESS, wolfSSH_CTX_UsePrivateKey_buffer(ctx,
|
||||||
lastKey, lastKeySz, TEST_GOOD_FORMAT_PEM));
|
lastKey, lastKeySz, TEST_GOOD_FORMAT_PEM));
|
||||||
AssertNull(ctx->privateKey[0]);
|
AssertNull(ctx->privateKey[0].key);
|
||||||
AssertIntEQ(0, ctx->privateKeySz[0]);
|
AssertIntEQ(0, ctx->privateKey[0].keySz);
|
||||||
AssertIntEQ(ID_NONE, ctx->privateKeyId[0]);
|
AssertIntEQ(ID_NONE, ctx->privateKey[0].publicKeyFmt);
|
||||||
AssertIntEQ(0, ctx->privateKeyCount);
|
AssertIntEQ(0, ctx->privateKeyCount);
|
||||||
|
|
||||||
/* Pass */
|
/* Pass */
|
||||||
#if !defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) || \
|
#if !defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) || \
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) || \
|
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) || \
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
||||||
lastKey = ctx->privateKey[ctx->privateKeyCount];
|
lastKey = ctx->privateKey[ctx->privateKeyCount].key;
|
||||||
lastKeySz = ctx->privateKeySz[ctx->privateKeyCount];
|
lastKeySz = ctx->privateKey[ctx->privateKeyCount].keySz;
|
||||||
|
|
||||||
AssertIntEQ(WS_SUCCESS,
|
AssertIntEQ(WS_SUCCESS,
|
||||||
wolfSSH_CTX_UsePrivateKey_buffer(ctx, eccKey, eccKeySz,
|
wolfSSH_CTX_UsePrivateKey_buffer(ctx, eccKey, eccKeySz,
|
||||||
TEST_GOOD_FORMAT_ASN1));
|
TEST_GOOD_FORMAT_ASN1));
|
||||||
AssertIntEQ(1, ctx->privateKeyCount);
|
AssertIntEQ(1, ctx->privateKeyCount);
|
||||||
AssertNotNull(ctx->privateKey[0]);
|
AssertNotNull(ctx->privateKey[0].key);
|
||||||
AssertIntNE(0, ctx->privateKeySz[0]);
|
AssertIntNE(0, ctx->privateKey[0].keySz);
|
||||||
AssertIntEQ(serverKeyEccCurveId, ctx->privateKeyId[0]);
|
AssertIntEQ(serverKeyEccCurveId, ctx->privateKey[0].publicKeyFmt);
|
||||||
|
|
||||||
AssertIntEQ(0, (lastKey == ctx->privateKey[0]));
|
AssertIntEQ(0, (lastKey == ctx->privateKey[0].key));
|
||||||
AssertIntNE(lastKeySz, ctx->privateKeySz[0]);
|
AssertIntNE(lastKeySz, ctx->privateKey[0].keySz);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
||||||
lastKey = ctx->privateKey[ctx->privateKeyCount];
|
lastKey = ctx->privateKey[ctx->privateKeyCount].key;
|
||||||
lastKeySz = ctx->privateKeySz[ctx->privateKeyCount];
|
lastKeySz = ctx->privateKey[ctx->privateKeyCount].keySz;
|
||||||
|
|
||||||
AssertIntEQ(WS_SUCCESS,
|
AssertIntEQ(WS_SUCCESS,
|
||||||
wolfSSH_CTX_UsePrivateKey_buffer(ctx, rsaKey, rsaKeySz,
|
wolfSSH_CTX_UsePrivateKey_buffer(ctx, rsaKey, rsaKeySz,
|
||||||
TEST_GOOD_FORMAT_ASN1));
|
TEST_GOOD_FORMAT_ASN1));
|
||||||
AssertIntNE(0, ctx->privateKeyCount);
|
AssertIntNE(0, ctx->privateKeyCount);
|
||||||
AssertNotNull(ctx->privateKey[0]);
|
AssertNotNull(ctx->privateKey[0].key);
|
||||||
AssertIntNE(0, ctx->privateKeySz[0]);
|
AssertIntNE(0, ctx->privateKey[0].keySz);
|
||||||
|
|
||||||
AssertIntEQ(0, (lastKey == ctx->privateKey[0]));
|
AssertIntEQ(0, (lastKey == ctx->privateKey[0].key));
|
||||||
AssertIntNE(lastKeySz, ctx->privateKeySz[0]);
|
AssertIntNE(lastKeySz, ctx->privateKey[0].keySz);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Add the same keys again. This should succeed. */
|
/* Add the same keys again. This should succeed. */
|
||||||
|
|
@ -464,7 +460,7 @@ static void test_wolfSSH_CTX_UsePrivateKey_buffer(void)
|
||||||
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
!defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
||||||
FreeBins(eccKey, NULL, NULL, NULL);
|
FreeBins(eccKey, NULL, NULL, NULL);
|
||||||
#endif
|
#endif
|
||||||
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
|
#ifndef WOLFSSH_NO_RSA
|
||||||
FreeBins(rsaKey, NULL, NULL, NULL);
|
FreeBins(rsaKey, NULL, NULL, NULL);
|
||||||
#endif
|
#endif
|
||||||
#endif /* WOLFSSH_NO_SERVER */
|
#endif /* WOLFSSH_NO_SERVER */
|
||||||
|
|
|
||||||
|
|
@ -65,9 +65,26 @@ extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* Check options set by wolfSSL and set wolfSSH options as appropriate. If
|
/*
|
||||||
|
* Force some options. Do not want ssh-rsa with SHA1 at anymore. Not ready
|
||||||
|
* for rsa-sha2-512 yet.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#undef WOLFSSH_NO_SSH_RSA_SHA1
|
||||||
|
#ifndef WOLFSSH_YES_SSH_RSA_SHA1
|
||||||
|
#define WOLFSSH_NO_SSH_RSA_SHA1
|
||||||
|
#endif
|
||||||
|
#undef WOLFSSH_NO_RSA_SHA2_512
|
||||||
|
#ifndef WOLFSSH_YES_RSA_SHA2_512
|
||||||
|
#define WOLFSSH_NO_RSA_SHA2_512
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check options set by wolfSSL and set wolfSSH options as appropriate. If
|
||||||
* the derived options and any override options leave wolfSSH without
|
* the derived options and any override options leave wolfSSH without
|
||||||
* at least one algorithm to use, throw an error. */
|
* at least one algorithm to use, throw an error.
|
||||||
|
*/
|
||||||
|
|
||||||
#ifdef NO_RSA
|
#ifdef NO_RSA
|
||||||
#undef WOLFSSH_NO_RSA
|
#undef WOLFSSH_NO_RSA
|
||||||
|
|
@ -123,15 +140,18 @@ extern "C" {
|
||||||
#undef WOLFSSH_NO_DH_GEX_SHA256
|
#undef WOLFSSH_NO_DH_GEX_SHA256
|
||||||
#define WOLFSSH_NO_DH_GEX_SHA256
|
#define WOLFSSH_NO_DH_GEX_SHA256
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSH_NO_ECDH) || defined(NO_SHA256) || defined(NO_ECC256)
|
#if defined(WOLFSSH_NO_ECDH) \
|
||||||
|
|| defined(NO_SHA256) || defined(NO_ECC256)
|
||||||
#undef WOLFSSH_NO_ECDH_SHA2_NISTP256
|
#undef WOLFSSH_NO_ECDH_SHA2_NISTP256
|
||||||
#define WOLFSSH_NO_ECDH_SHA2_NISTP256
|
#define WOLFSSH_NO_ECDH_SHA2_NISTP256
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSH_NO_ECDH) || !defined(WOLFSSL_SHA384) || !defined(HAVE_ECC384)
|
#if defined(WOLFSSH_NO_ECDH) \
|
||||||
|
|| !defined(WOLFSSL_SHA384) || !defined(HAVE_ECC384)
|
||||||
#undef WOLFSSH_NO_ECDH_SHA2_NISTP384
|
#undef WOLFSSH_NO_ECDH_SHA2_NISTP384
|
||||||
#define WOLFSSH_NO_ECDH_SHA2_NISTP384
|
#define WOLFSSH_NO_ECDH_SHA2_NISTP384
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSH_NO_ECDH) || !defined(WOLFSSL_SHA512) || !defined(HAVE_ECC521)
|
#if defined(WOLFSSH_NO_ECDH) \
|
||||||
|
|| !defined(WOLFSSL_SHA512) || !defined(HAVE_ECC521)
|
||||||
#undef WOLFSSH_NO_ECDH_SHA2_NISTP521
|
#undef WOLFSSH_NO_ECDH_SHA2_NISTP521
|
||||||
#define WOLFSSH_NO_ECDH_SHA2_NISTP521
|
#define WOLFSSH_NO_ECDH_SHA2_NISTP521
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -174,12 +194,12 @@ extern "C" {
|
||||||
#define WOLFSSH_NO_SSH_RSA_SHA1
|
#define WOLFSSH_NO_SSH_RSA_SHA1
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSH_NO_RSA) || defined(NO_SHA256)
|
#if defined(WOLFSSH_NO_RSA) || defined(NO_SHA256)
|
||||||
#undef WOLFSSH_NO_SSH_RSA_SHA2_256
|
#undef WOLFSSH_NO_RSA_SHA2_256
|
||||||
#define WOLFSSH_NO_SSH_RSA_SHA2_256
|
#define WOLFSSH_NO_RSA_SHA2_256
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSH_NO_RSA) || !defined(WOLFSSL_SHA512)
|
#if defined(WOLFSSH_NO_RSA) || !defined(WOLFSSL_SHA512)
|
||||||
#undef WOLFSSH_NO_SSH_RSA_SHA2_512
|
#undef WOLFSSH_NO_RSA_SHA2_512
|
||||||
#define WOLFSSH_NO_SSH_RSA_SHA2_512
|
#define WOLFSSH_NO_RSA_SHA2_512
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(WOLFSSH_NO_ECDSA) || \
|
#if defined(WOLFSSH_NO_ECDSA) || \
|
||||||
|
|
@ -198,13 +218,17 @@ extern "C" {
|
||||||
#define WOLFSSH_NO_ECDSA_SHA2_NISTP521
|
#define WOLFSSH_NO_ECDSA_SHA2_NISTP521
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSH_NO_SSH_RSA_SHA1) && \
|
#if defined(WOLFSSH_NO_SSH_RSA_SHA1) && \
|
||||||
|
defined(WOLFSSH_NO_RSA_SHA2_256) && \
|
||||||
|
defined(WOLFSSH_NO_RSA_SHA2_512) && \
|
||||||
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) && \
|
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) && \
|
||||||
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) && \
|
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) && \
|
||||||
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
|
||||||
#error "You need at least one signing algorithm."
|
#error "You need at least one signing algorithm."
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSH_NO_SSH_RSA_SHA1
|
#if defined(WOLFSSH_NO_SSH_RSA_SHA1) && \
|
||||||
|
defined(WOLFSSH_NO_RSA_SHA2_256) && \
|
||||||
|
defined(WOLFSSH_NO_RSA_SHA2_512)
|
||||||
#undef WOLFSSH_NO_RSA
|
#undef WOLFSSH_NO_RSA
|
||||||
#define WOLFSSH_NO_RSA
|
#define WOLFSSH_NO_RSA
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -290,7 +314,9 @@ enum {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Public Key IDs */
|
/* Public Key IDs */
|
||||||
ID_SSH_RSA,
|
ID_SSH_RSA, /* 0x16 */
|
||||||
|
ID_RSA_SHA2_256, /* 0x17 */
|
||||||
|
ID_RSA_SHA2_512,
|
||||||
ID_ECDSA_SHA2_NISTP256,
|
ID_ECDSA_SHA2_NISTP256,
|
||||||
ID_ECDSA_SHA2_NISTP384,
|
ID_ECDSA_SHA2_NISTP384,
|
||||||
ID_ECDSA_SHA2_NISTP521,
|
ID_ECDSA_SHA2_NISTP521,
|
||||||
|
|
@ -383,6 +409,9 @@ enum {
|
||||||
#ifndef WOLFSSH_MAX_PVT_KEYS
|
#ifndef WOLFSSH_MAX_PVT_KEYS
|
||||||
#define WOLFSSH_MAX_PVT_KEYS 2
|
#define WOLFSSH_MAX_PVT_KEYS 2
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef WOLFSSH_MAX_PUB_KEY_ALGO
|
||||||
|
#define WOLFSSH_MAX_PUB_KEY_ALGO (WOLFSSH_MAX_PVT_KEYS + 2)
|
||||||
|
#endif
|
||||||
|
|
||||||
WOLFSSH_LOCAL byte NameToId(const char*, word32);
|
WOLFSSH_LOCAL byte NameToId(const char*, word32);
|
||||||
WOLFSSH_LOCAL const char* IdToName(byte);
|
WOLFSSH_LOCAL const char* IdToName(byte);
|
||||||
|
|
@ -410,6 +439,21 @@ WOLFSSH_LOCAL int GrowBuffer(WOLFSSH_BUFFER* buf, word32 sz, word32 usedSz);
|
||||||
WOLFSSH_LOCAL void ShrinkBuffer(WOLFSSH_BUFFER* buf, int forcedFree);
|
WOLFSSH_LOCAL void ShrinkBuffer(WOLFSSH_BUFFER* buf, int forcedFree);
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct WOLFSSH_PVT_KEY {
|
||||||
|
byte* key;
|
||||||
|
/* List of pointers to raw private keys. Owned by CTX. */
|
||||||
|
word32 keySz;
|
||||||
|
#ifdef WOLFSSH_CERTS
|
||||||
|
byte* cert;
|
||||||
|
/* Pointer to certificates for the private key. Owned by CTX. */
|
||||||
|
word32 certSz;
|
||||||
|
#endif
|
||||||
|
byte publicKeyFmt;
|
||||||
|
/* Public key format for the private key. Note, some public key
|
||||||
|
* formats are used with multiple public key signing algorithms. */
|
||||||
|
} WOLFSSH_PVT_KEY;
|
||||||
|
|
||||||
|
|
||||||
/* our wolfSSH Context */
|
/* our wolfSSH Context */
|
||||||
struct WOLFSSH_CTX {
|
struct WOLFSSH_CTX {
|
||||||
void* heap; /* heap hint */
|
void* heap; /* heap hint */
|
||||||
|
|
@ -438,17 +482,11 @@ struct WOLFSSH_CTX {
|
||||||
WOLFSSH_CERTMAN* certMan;
|
WOLFSSH_CERTMAN* certMan;
|
||||||
#endif /* WOLFSSH_CERTS */
|
#endif /* WOLFSSH_CERTS */
|
||||||
WS_CallbackPublicKeyCheck publicKeyCheckCb;
|
WS_CallbackPublicKeyCheck publicKeyCheckCb;
|
||||||
/* Check server's public key callback */
|
/* Check server's public key callback */
|
||||||
byte* privateKey[WOLFSSH_MAX_PVT_KEYS];
|
WOLFSSH_PVT_KEY privateKey[WOLFSSH_MAX_PVT_KEYS];
|
||||||
/* Owned by CTX */
|
|
||||||
word32 privateKeySz[WOLFSSH_MAX_PVT_KEYS];
|
|
||||||
#ifdef WOLFSSH_CERTS
|
|
||||||
/* public certificate matching the private key */
|
|
||||||
byte* cert[WOLFSSH_MAX_PVT_KEYS];
|
|
||||||
word32 certSz[WOLFSSH_MAX_PVT_KEYS];
|
|
||||||
#endif
|
|
||||||
byte privateKeyId[WOLFSSH_MAX_PVT_KEYS];
|
|
||||||
word32 privateKeyCount;
|
word32 privateKeyCount;
|
||||||
|
byte publicKeyAlgo[WOLFSSH_MAX_PUB_KEY_ALGO];
|
||||||
|
word32 publicKeyAlgoCount;
|
||||||
word32 highwaterMark;
|
word32 highwaterMark;
|
||||||
const char* banner;
|
const char* banner;
|
||||||
word32 bannerSz;
|
word32 bannerSz;
|
||||||
|
|
@ -480,11 +518,10 @@ typedef struct Keys {
|
||||||
typedef struct HandshakeInfo {
|
typedef struct HandshakeInfo {
|
||||||
byte kexId;
|
byte kexId;
|
||||||
byte kexIdGuess;
|
byte kexIdGuess;
|
||||||
|
byte kexHashId;
|
||||||
byte pubKeyId;
|
byte pubKeyId;
|
||||||
byte sigId;
|
|
||||||
byte encryptId;
|
byte encryptId;
|
||||||
byte macId;
|
byte macId;
|
||||||
byte hashId;
|
|
||||||
byte kexPacketFollows;
|
byte kexPacketFollows;
|
||||||
byte aeadMode;
|
byte aeadMode;
|
||||||
|
|
||||||
|
|
@ -493,9 +530,9 @@ typedef struct HandshakeInfo {
|
||||||
|
|
||||||
Keys keys;
|
Keys keys;
|
||||||
Keys peerKeys;
|
Keys peerKeys;
|
||||||
wc_HashAlg hash;
|
wc_HashAlg kexHash;
|
||||||
byte e[MAX_KEX_KEY_SZ+1]; /* May have a leading zero for unsigned
|
byte e[MAX_KEX_KEY_SZ+1]; /* May have a leading zero for unsigned
|
||||||
or is a Q_S value. */
|
or is a Q_S value. */
|
||||||
word32 eSz;
|
word32 eSz;
|
||||||
byte x[MAX_KEX_KEY_SZ+1]; /* May have a leading zero, for unsigned. */
|
byte x[MAX_KEX_KEY_SZ+1]; /* May have a leading zero, for unsigned. */
|
||||||
word32 xSz;
|
word32 xSz;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue