refactor sending SFTP packets
try to make internal function names more clear, add comments, and update sftp example
add parsing names and most of attributes
add SFTP debug tag
add mkdir with SFTP
start of framework for get
add get command and keep track of working directory
base case of put command
basic sftp rename command
basic sftp rm command
initial basic rmdir command added
initial basic reget/reput commands
clean up absolute path to working directory
move location of sftp client app and more testing
add more comments and make code more readable
cast on values and add exit
adjust macro names and test make dist
adjust gitignore and macro names
gcc-7 build
revert nameListIdx increment to find ssh-rsa
more comments
fix for possible use uninitialized warning
initial SFTP accept
send status packet and start of realpath
server side mkdir
initial process of stat and lstat packets
initial processing of rmdir packet
basics for server handling SFTP get command
initial commit for server handling basic put command
initial handling of receiving remove packet
initial server handling of rename packet
initial implementation of handling directory packets
better checking on return values
set correct return value on successful read
additional sanity checks on user inputs
make send and read packet API name more clear
cast for warning building with clang
1. Added new error codes for being unable to match ciphers with peer.
2. Whitespace updates in the error header.
3. Added disable flag to leave out the default log callback so user can supply own custom callback.
1. A bounds check in `KexDhReply()` for fSz could be tricked into using an incorrect value and trigger a crash. Rearranged the inequality so it can't be tricked.
2. A bounds check in `GetUint32()` for the size of the length value being used could cause crashes. Rearranged the inequality so it can't be tricked.
3. Modified other similar bounds checks.
4. In `KexDhReply()` check the sigSz after reading.
1. Add a unit test to check all error codes have strings.
2. Add public function to return the error string for an error code.
3. Fill in the missing error strings.
4. Fix an error string (change a "verify" to "create").
1. Added a logging function that always works whether or not debugging is enabled.
2. Modified the WLOG macro to always be built in, but disables cleanly.
1. Add an automated test suite.
2. Refactor the existing test and example code to be better components for the test suite.
3. Rename some of the internal functions used by the examples and test suite.
4. Echoserver now only handles one connection at a time, has option to exit after single connection.
5. Echoserver can do the port zero trick for the test suite.
6. Some whitespace changes.
7. Added a `(void)` to a variable to hush an unused assignment warning.
1. Added support to the library for clients.
2. Added example client.
3. Added VS solutions for building client example.
4. Added ECC client keys. Renamed existing keys.
5. Since defunct server is copy of echoserver, updated it.
1. Added DLL builds.
2. Cleaned up some of the build configuration.
3. Updated the README files for building.
4. Renamed the function ProcessBuffer() with a prefix due to a conflicting name with wolfSSL.
5. Added test.h to include.am.
6. Moved the user_settings.h for wolfSSL into the wolfcrypt directory.
7. Changed the echoserver so that it binds to INADDR_ANY.
1. Added Windows Visual Studio build solution. Includes projects for:
* wolfSSH static library
* echoserver
* unit-test
* api-test
* 32- and 64-bit debug and release builds for all
2. Made necessary tweaks including adding some wrapper functions so the code compiles for both Linux/macOS and Windows.
3. Fixed a bug in the KDF test where the output buffer wasn't updated when SHA-256 was added.
4. Added the fallthrough attribute for GCC7.
5. Replaced all uses of `uint8_t`, `uint16_t`, and `uint32_t` with the wolfCrypt provided `byte`, `word16`, and `word32`.
6. Split the new channel function into new and init.
7. Added some ECC keys for authentication testing.
8. Moved some functions and includes around.
9. Removed the keying state machine and replaced with a flag.
10. Added rekey trigger if the client sends *CTRL-F* to echoserver.
11. Moved the sequence number increase outside `CreateMac()`. Incremented if the packet was successfully created. This way the sequence number is incremented when using AES-GCM.
12. Removed the redundant function `SendText()`.
13. Renamed the `clientId` related functions and data members to `protoId` to keep things role agnostic.
14. Changed all references of `clientKey` and `serverKey` to `keys` and `peerKeys`.
15. Updated `GenerateKeys()` to generate `keys` and `peerKeys` appropriately based on the endpoint side.
16. Added the wolfSSL style _test.h_ file to group shared example functions in one place.
17. Changed the echoserver to be similar to wolfSSL's where the code may be included without the main function in another executable.
Note:
This commit is a squash of more than a dozen commits. IDE support was added to the client branch, but the client branch is on hold. There were many changes in the client branch that are needed going forward. The code at the head of the client branch was copied over to the IDE branch, and the client code either deleted or removed from the build.
1. Added a user_settings.h file to be used with building wolfSSL.
2. Removed misc.c from the wolfSSH library project.
3. Added the WOLFSSL_USER_SETTINGS define to the wolfSSH library project.
4. Replaced vsnprintf() and localtime_r() with macros to use the correct functions for Win32 builds.
5. Replaced the misc.c warning with the VS style of doing it if building for Win32.
6. Defined USE_WINDOWS_API if _WIN32 is set.
Note: The wolfSSH library builds in 32-bit Debug mode. To do so, you need to add the directory holding the wolfSSL headers to the AdditionalIncludeDirectories list.
* Renamed the server key files to indicate they are rsa keys.
* Add ecc key files for the server.
* Move ProcessBuffer from ssh.c to internal.c.
* Remove #includes for headers from files that are not used.
* Added support for KEX algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
* Updated readme
* Added support for the public key algorithm ecdsa-sha2-nistp256.
* Added support for public key algorithms ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521.
* The Key Algorithm list for the KEX picks a single value to offer based on the private key used.
* Added private keys on curves nistp384 and nistp521. The curve nistp256 is used as the default.
* Added the new ecc keys to include.am
2. Add wolfSSH_GetStats() to return session statistics.
3. Echoserver server_worker threads get a context with their
wolfSSH session, an ID number, and socket fd.
Filled out the message handling for the DH-GEX additional messages. To use
the DH-GEX, one needs to add the flag TEST_GEX. It is still a WIP. The
handshake state machine needs a change and the start of the hash calculation
needs to wait until receiving the client's KEX INIT message and the hash
type for the handshake signature can be resolved.
1. Added support for the wc_Hash wrappers. Need to keep track of the
hash being used.
2. Assumed SHA1 only, and modified everything to use the hash wrappers.
1. Add the banner to the WOLFSSH_CTX.
2. Moved the canned banner to be a debug option.
3. Default the banner to NULL of zero length.
4. Use the banner stored in the WOLFSSH_CTX.
5. Add an accessor to set the banner to a C string.
1. Added parsing of the Global Request message. Will log the request
name string.
2. Send global request failure response if reply is requested.
(This was an issue with a particular SSH client.)
client version string.
2. Shrink the receive buffer after reading the client version
string.
3. Resize the buffer correctly when needed data is already in the input
buffer and grab the remainder as expected.
1. Flushing out the keying state machine, taking it out of the accept
state machine.
2. Changed the HandshakeInfo record to be something that can be
recreated post-initial connection for rekeying.
3. Fixed the name of a previously unused size variable.
4. Moved some constants around.
1. Add stub rekey trigger function.
2. Add new default highwater callback that calls the rekey trigger
function.
3. Rename the highwater level as "mark" rather than "count".
4. Add a flag to call the highwater callback once, cleared when the
txCount is cleared when sending new keys message to peer.
5. Add new state machine for key exchange.
6. Start massaging the accept state machine for new KEX machine.
7. Update some default sizes, and replace magic numbers with named
constants.
8. Scale back the accept state machine to add in the KEX state
machine.
9. Capture the client version string and the server's KEX init message
for rekeying.
10. Add compiler flag to allow "none" as a user auth method.
1. Implemented the RSA key generation wrapper function.
2. Rearrange the unit test code.
3. Added RSA key generation wrapper function to unit test.
4. Removed certificate load from echoserver.
5. Not using certificates, removed the functions and storage.
6. Removed unused certificate files.
7. Renamed certs directory as keys.
8. Removed the example server from the build for now.
9. Created new server key with the RSA key generation function.
10. Add IDs for public keys for keygen use.
11. Whitespace cleanup.
2. Separate sets of keys for client and server.
3. Store generated keys in handshake info record.
4. Copy session keys over when sending and receiving the
New Keys message.
2. Changed logging of authentication requests.
3. Reply to "none" authentication types with a failure that
has the supported auth type list.
4. Fixed bug where passing payload to the DoUserAuthRequest wasn't
getting the correct payload length.
5. Reordered a couple utility functions.
2. Removed some outdated/incorrect comments.
3. Removed some of the debugging output clutter.
4. Fixed bug when trying to add multiple messages to a single packet.
1. Moved SendNewKeys() to SendKexDhReply() so both messages are sent
in the same packet.
2. Accept state machine checks return codes on Send functions.
3. Added a couple new states for some of the Send functions.
2. Fixed bug in DoPacket() that didn't increment the peer's packet sequence.
3. Fixed bug in Decrypt() where the AesCbcDecrypt case dropped through into error.
4. Refactoring the accept state machine.
5. Separating client and server block and MAC sizes.
6. Added client MAC checking.
7. Fixed bug where algorithm picking preferred server order over client.
8. Fixed bug where the algorithm list matching was checking out of bounds.
Jacob Barthelmeh
John Safranek
Chris Conlon
Aaron Jense
dgarske