Update the MAC and Block size based on the algo IDs.

2014-08-20 16:56:16 -07:00 · 2014-08-20 16:56:16 -07:00 · a430fc7e27
parent 9bb2576136
commit a430fc7e27
2 changed files with 42 additions and 10 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -34,6 +34,7 @@
 #include <wolfssh/ssh.h>
 #include <wolfssh/internal.h>
 #include <wolfssh/log.h>
+#include <cyassl/ctaocrypt/aes.h>


 /* convert opaque to 32 bit integer */
@ -552,6 +553,31 @@ static uint8_t MatchIdLists(const uint8_t* left, uint32_t leftSz,
 }


+static uint8_t BlockSzForId(uint8_t id)
+{
+    switch (id) {
+        case ID_AES128_CBC:
+        case ID_AES128_CTR:
+            return AES_BLOCK_SIZE;
+        default:
+            return 0;
+    }
+}
+
+
+static uint8_t MacSzForId(uint8_t id)
+{
+    switch (id) {
+        case ID_HMAC_SHA1:
+            return SHA_DIGEST_SIZE;
+        case ID_HMAC_SHA1_96:
+            return (96/8); /* 96 bits */
+        default:
+            return 0;
+    }
+}
+
+
 static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
 {
    uint8_t algoId;
@ -599,7 +625,7 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
        WLOG(WS_LOG_DEBUG, "Unable to negotiate KEX Algo");
        return WS_INVALID_ALGO_ID;
    }
-    else
+
    ssh->handshake->keyExchangeId = algoId;

    /* Server Host Key Algorithms */
@ -611,7 +637,7 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
        WLOG(WS_LOG_DEBUG, "Unable to negotiate Server Host Key Algo");
        return WS_INVALID_ALGO_ID;
    }
-    else
+
    ssh->handshake->publicKeyId = algoId;

    /* Enc Algorithms - Client to Server */
@ -632,8 +658,9 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
        WLOG(WS_LOG_DEBUG, "Unable to negotiate Encryption Algo S2C");
        return WS_INVALID_ALGO_ID;
    }
-    else
+
    ssh->handshake->encryptionId = algoId;
+    ssh->handshake->blockSz = BlockSzForId(algoId);

    /* MAC Algorithms - Client to Server */
    WLOG(WS_LOG_DEBUG, "DKI: MAC Algorithms - Client to Server");
@ -653,8 +680,9 @@ static int DoKexInit(WOLFSSH* ssh, uint8_t* buf, uint32_t len, uint32_t* idx)
        WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo S2C");
        return WS_INVALID_ALGO_ID;
    }
-    else
+
    ssh->handshake->integrityId = algoId;
+    ssh->handshake->macSz = MacSzForId(algoId);

    /* The compression algorithm lists should have none as a value. */
    algoId = ID_NONE;
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@ -135,6 +135,9 @@ typedef struct HandshakeInfo {
    uint8_t        integrityId;
    uint8_t        kexPacketFollows;

+    uint8_t        blockSz;
+    uint8_t        macSz;
+
    Sha            hash;
    uint8_t        session_id[SHA_DIGEST_SIZE];
 } HandshakeInfo;
@ -154,6 +157,7 @@ struct WOLFSSH {
    uint32_t       seq;
    uint32_t       peerSeq;
    uint8_t        blockSz;
+    uint8_t        macSz;
    uint8_t        acceptState;
    uint8_t        clientState;
    uint8_t        processReplyState;