Merge pull request #525 from ejohnstown/even-more-rsa-userauth

RFC 8332: Part 2
2023-06-23 09:55:28 -07:00 · 2023-06-23 09:55:28 -07:00 · b17f73a585
parent 42cc83f5dd a4e194ba96
commit b17f73a585
3 changed files with 604 additions and 290 deletions
--- a/src/internal.c
+++ b/src/internal.c
--- a/wolfssh/error.h
+++ b/wolfssh/error.h
@ -127,8 +127,9 @@ enum WS_ErrorCodes {
    WS_CERT_PROFILE_E       = -1086, /* Cert doesn't meet profile reqs */
    WS_CERT_KEY_SIZE_E      = -1087, /* Key size error */
    WS_CTX_KEY_COUNT_E      = -1088, /* Adding too many private keys */
+    WS_MATCH_UA_KEY_ID_E    = -1089, /* Match user auth key key fail */
    
-    WS_LAST_E               = -1088  /* Update this to indicate last error */
+    WS_LAST_E               = -1089  /* Update this to indicate last error */
 };


--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@ -312,10 +312,12 @@ enum {
 #ifndef WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256
    ID_ECDH_NISTP256_KYBER_LEVEL1_SHA256,
 #endif
+    ID_EXTINFO_S, /* Pseudo-KEX to indicate server extensions. */
+    ID_EXTINFO_C, /* Pseudo-KEX to indicate client extensions. */

    /* Public Key IDs */
-    ID_SSH_RSA, /* 0x16 */
-    ID_RSA_SHA2_256, /* 0x17 */
+    ID_SSH_RSA,
+    ID_RSA_SHA2_256,
    ID_RSA_SHA2_512,
    ID_ECDSA_SHA2_NISTP256,
    ID_ECDSA_SHA2_NISTP384,
@ -343,6 +345,8 @@ enum {
    ID_GLOBREQ_TCPIP_FWD,
    ID_GLOBREQ_TCPIP_FWD_CANCEL,

+    ID_EXTINFO_SERVER_SIG_ALGS,
+
    ID_UNKNOWN
 };

@ -727,6 +731,9 @@ struct WOLFSSH {
    void* publicKeyCheckCtx;
    byte  sendTerminalRequest;
    byte userAuthPkDone;
+    byte sendExtInfo;
+    byte* peerSigId;
+    word32 peerSigIdSz;

 #ifdef USE_WINDOWS_API
    word32 defaultAttr; /* default windows attributes */
@ -879,6 +886,7 @@ WOLFSSH_LOCAL int SendGlobalRequest(WOLFSSH *, const unsigned char *, word32, in
 WOLFSSH_LOCAL int SendDebug(WOLFSSH*, byte, const char*);
 WOLFSSH_LOCAL int SendServiceRequest(WOLFSSH*, byte);
 WOLFSSH_LOCAL int SendServiceAccept(WOLFSSH*, byte);
+WOLFSSH_LOCAL int SendExtInfo(WOLFSSH* ssh);
 WOLFSSH_LOCAL int SendUserAuthRequest(WOLFSSH*, byte, int);
 WOLFSSH_LOCAL int SendUserAuthSuccess(WOLFSSH*);
 WOLFSSH_LOCAL int SendUserAuthFailure(WOLFSSH*, byte);
@ -989,6 +997,7 @@ enum WS_MessageIds {
    MSGID_DEBUG = 4,
    MSGID_SERVICE_REQUEST = 5,
    MSGID_SERVICE_ACCEPT = 6,
+    MSGID_EXT_INFO = 7,

    MSGID_KEXINIT = 20,
    MSGID_NEWKEYS = 21,