mirror of https://github.com/wolfSSL/wolfssh.git
Update the MAC and Block size based on the algo IDs.
parent
9bb2576136
commit
a430fc7e27
|
@ -34,6 +34,7 @@
|
||||||
#include <wolfssh/ssh.h>
|
#include <wolfssh/ssh.h>
|
||||||
#include <wolfssh/internal.h>
|
#include <wolfssh/internal.h>
|
||||||
#include <wolfssh/log.h>
|
#include <wolfssh/log.h>
|
||||||
|
#include <cyassl/ctaocrypt/aes.h>
|
||||||
|
|
||||||
|
|
||||||
/* convert opaque to 32 bit integer */
|
/* convert opaque to 32 bit integer */
|
||||||
|
@ -552,6 +553,31 @@ static uint8_t MatchIdLists(const uint8_t* left, uint32_t leftSz,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static uint8_t BlockSzForId(uint8_t id)
|
||||||
|
{
|
||||||
|
switch (id) {
|
||||||
|
case ID_AES128_CBC:
|
||||||
|
case ID_AES128_CTR:
|
||||||
|
return AES_BLOCK_SIZE;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static uint8_t MacSzForId(uint8_t id)
|
||||||
|
{
|
||||||
|
switch (id) {
|
||||||
|
case ID_HMAC_SHA1:
|
||||||
|
return SHA_DIGEST_SIZE;
|
||||||
|
case ID_HMAC_SHA1_96:
|
||||||
|
return (96/8); /* 96 bits */
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
||||||
{
|
{
|
||||||
uint8_t algoId;
|
uint8_t algoId;
|
||||||
|
@ -599,7 +625,7 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
||||||
WLOG(WS_LOG_DEBUG, "Unable to negotiate KEX Algo");
|
WLOG(WS_LOG_DEBUG, "Unable to negotiate KEX Algo");
|
||||||
return WS_INVALID_ALGO_ID;
|
return WS_INVALID_ALGO_ID;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ssh->handshake->keyExchangeId = algoId;
|
ssh->handshake->keyExchangeId = algoId;
|
||||||
|
|
||||||
/* Server Host Key Algorithms */
|
/* Server Host Key Algorithms */
|
||||||
|
@ -611,7 +637,7 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
||||||
WLOG(WS_LOG_DEBUG, "Unable to negotiate Server Host Key Algo");
|
WLOG(WS_LOG_DEBUG, "Unable to negotiate Server Host Key Algo");
|
||||||
return WS_INVALID_ALGO_ID;
|
return WS_INVALID_ALGO_ID;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ssh->handshake->publicKeyId = algoId;
|
ssh->handshake->publicKeyId = algoId;
|
||||||
|
|
||||||
/* Enc Algorithms - Client to Server */
|
/* Enc Algorithms - Client to Server */
|
||||||
|
@ -632,8 +658,9 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
||||||
WLOG(WS_LOG_DEBUG, "Unable to negotiate Encryption Algo S2C");
|
WLOG(WS_LOG_DEBUG, "Unable to negotiate Encryption Algo S2C");
|
||||||
return WS_INVALID_ALGO_ID;
|
return WS_INVALID_ALGO_ID;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ssh->handshake->encryptionId = algoId;
|
ssh->handshake->encryptionId = algoId;
|
||||||
|
ssh->handshake->blockSz = BlockSzForId(algoId);
|
||||||
|
|
||||||
/* MAC Algorithms - Client to Server */
|
/* MAC Algorithms - Client to Server */
|
||||||
WLOG(WS_LOG_DEBUG, "DKI: MAC Algorithms - Client to Server");
|
WLOG(WS_LOG_DEBUG, "DKI: MAC Algorithms - Client to Server");
|
||||||
|
@ -653,8 +680,9 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
||||||
WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo S2C");
|
WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo S2C");
|
||||||
return WS_INVALID_ALGO_ID;
|
return WS_INVALID_ALGO_ID;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
ssh->handshake->integrityId = algoId;
|
ssh->handshake->integrityId = algoId;
|
||||||
|
ssh->handshake->macSz = MacSzForId(algoId);
|
||||||
|
|
||||||
/* The compression algorithm lists should have none as a value. */
|
/* The compression algorithm lists should have none as a value. */
|
||||||
algoId = ID_NONE;
|
algoId = ID_NONE;
|
||||||
|
|
|
@ -135,6 +135,9 @@ typedef struct HandshakeInfo {
|
||||||
uint8_t integrityId;
|
uint8_t integrityId;
|
||||||
uint8_t kexPacketFollows;
|
uint8_t kexPacketFollows;
|
||||||
|
|
||||||
|
uint8_t blockSz;
|
||||||
|
uint8_t macSz;
|
||||||
|
|
||||||
Sha hash;
|
Sha hash;
|
||||||
uint8_t session_id[SHA_DIGEST_SIZE];
|
uint8_t session_id[SHA_DIGEST_SIZE];
|
||||||
} HandshakeInfo;
|
} HandshakeInfo;
|
||||||
|
@ -154,6 +157,7 @@ struct WOLFSSH {
|
||||||
uint32_t seq;
|
uint32_t seq;
|
||||||
uint32_t peerSeq;
|
uint32_t peerSeq;
|
||||||
uint8_t blockSz;
|
uint8_t blockSz;
|
||||||
|
uint8_t macSz;
|
||||||
uint8_t acceptState;
|
uint8_t acceptState;
|
||||||
uint8_t clientState;
|
uint8_t clientState;
|
||||||
uint8_t processReplyState;
|
uint8_t processReplyState;
|
||||||
|
|
Loading…
Reference in New Issue