mirror of https://github.com/wolfSSL/wolfssh.git
Update the MAC and Block size based on the algo IDs.
parent
9bb2576136
commit
a430fc7e27
|
@ -34,6 +34,7 @@
|
|||
#include <wolfssh/ssh.h>
|
||||
#include <wolfssh/internal.h>
|
||||
#include <wolfssh/log.h>
|
||||
#include <cyassl/ctaocrypt/aes.h>
|
||||
|
||||
|
||||
/* convert opaque to 32 bit integer */
|
||||
|
@ -552,6 +553,31 @@ static uint8_t MatchIdLists(const uint8_t* left, uint32_t leftSz,
|
|||
}
|
||||
|
||||
|
||||
static uint8_t BlockSzForId(uint8_t id)
|
||||
{
|
||||
switch (id) {
|
||||
case ID_AES128_CBC:
|
||||
case ID_AES128_CTR:
|
||||
return AES_BLOCK_SIZE;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static uint8_t MacSzForId(uint8_t id)
|
||||
{
|
||||
switch (id) {
|
||||
case ID_HMAC_SHA1:
|
||||
return SHA_DIGEST_SIZE;
|
||||
case ID_HMAC_SHA1_96:
|
||||
return (96/8); /* 96 bits */
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
||||
{
|
||||
uint8_t algoId;
|
||||
|
@ -599,7 +625,7 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
|||
WLOG(WS_LOG_DEBUG, "Unable to negotiate KEX Algo");
|
||||
return WS_INVALID_ALGO_ID;
|
||||
}
|
||||
else
|
||||
|
||||
ssh->handshake->keyExchangeId = algoId;
|
||||
|
||||
/* Server Host Key Algorithms */
|
||||
|
@ -611,7 +637,7 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
|||
WLOG(WS_LOG_DEBUG, "Unable to negotiate Server Host Key Algo");
|
||||
return WS_INVALID_ALGO_ID;
|
||||
}
|
||||
else
|
||||
|
||||
ssh->handshake->publicKeyId = algoId;
|
||||
|
||||
/* Enc Algorithms - Client to Server */
|
||||
|
@ -632,8 +658,9 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
|||
WLOG(WS_LOG_DEBUG, "Unable to negotiate Encryption Algo S2C");
|
||||
return WS_INVALID_ALGO_ID;
|
||||
}
|
||||
else
|
||||
|
||||
ssh->handshake->encryptionId = algoId;
|
||||
ssh->handshake->blockSz = BlockSzForId(algoId);
|
||||
|
||||
/* MAC Algorithms - Client to Server */
|
||||
WLOG(WS_LOG_DEBUG, "DKI: MAC Algorithms - Client to Server");
|
||||
|
@ -653,8 +680,9 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
|
|||
WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo S2C");
|
||||
return WS_INVALID_ALGO_ID;
|
||||
}
|
||||
else
|
||||
|
||||
ssh->handshake->integrityId = algoId;
|
||||
ssh->handshake->macSz = MacSzForId(algoId);
|
||||
|
||||
/* The compression algorithm lists should have none as a value. */
|
||||
algoId = ID_NONE;
|
||||
|
|
|
@ -135,6 +135,9 @@ typedef struct HandshakeInfo {
|
|||
uint8_t integrityId;
|
||||
uint8_t kexPacketFollows;
|
||||
|
||||
uint8_t blockSz;
|
||||
uint8_t macSz;
|
||||
|
||||
Sha hash;
|
||||
uint8_t session_id[SHA_DIGEST_SIZE];
|
||||
} HandshakeInfo;
|
||||
|
@ -154,6 +157,7 @@ struct WOLFSSH {
|
|||
uint32_t seq;
|
||||
uint32_t peerSeq;
|
||||
uint8_t blockSz;
|
||||
uint8_t macSz;
|
||||
uint8_t acceptState;
|
||||
uint8_t clientState;
|
||||
uint8_t processReplyState;
|
||||
|
|
Loading…
Reference in New Issue