1. Add an automated test suite.
2. Refactor the existing test and example code to be better components for the test suite.
3. Rename some of the internal functions used by the examples and test suite.
4. Echoserver now only handles one connection at a time, has option to exit after single connection.
5. Echoserver can do the port zero trick for the test suite.
6. Some whitespace changes.
7. Added a `(void)` to a variable to hush an unused assignment warning.
1. Added support to the library for clients.
2. Added example client.
3. Added VS solutions for building client example.
4. Added ECC client keys. Renamed existing keys.
5. Since defunct server is copy of echoserver, updated it.
1. Added DLL builds.
2. Cleaned up some of the build configuration.
3. Updated the README files for building.
4. Renamed the function ProcessBuffer() with a prefix due to a conflicting name with wolfSSL.
5. Added test.h to include.am.
6. Moved the user_settings.h for wolfSSL into the wolfcrypt directory.
7. Changed the echoserver so that it binds to INADDR_ANY.
1. Added Windows Visual Studio build solution. Includes projects for:
* wolfSSH static library
* echoserver
* unit-test
* api-test
* 32- and 64-bit debug and release builds for all
2. Made necessary tweaks including adding some wrapper functions so the code compiles for both Linux/macOS and Windows.
3. Fixed a bug in the KDF test where the output buffer wasn't updated when SHA-256 was added.
4. Added the fallthrough attribute for GCC7.
5. Replaced all uses of `uint8_t`, `uint16_t`, and `uint32_t` with the wolfCrypt provided `byte`, `word16`, and `word32`.
6. Split the new channel function into new and init.
7. Added some ECC keys for authentication testing.
8. Moved some functions and includes around.
9. Removed the keying state machine and replaced with a flag.
10. Added rekey trigger if the client sends *CTRL-F* to echoserver.
11. Moved the sequence number increase outside `CreateMac()`. Incremented if the packet was successfully created. This way the sequence number is incremented when using AES-GCM.
12. Removed the redundant function `SendText()`.
13. Renamed the `clientId` related functions and data members to `protoId` to keep things role agnostic.
14. Changed all references of `clientKey` and `serverKey` to `keys` and `peerKeys`.
15. Updated `GenerateKeys()` to generate `keys` and `peerKeys` appropriately based on the endpoint side.
16. Added the wolfSSL style _test.h_ file to group shared example functions in one place.
17. Changed the echoserver to be similar to wolfSSL's where the code may be included without the main function in another executable.
Note:
This commit is a squash of more than a dozen commits. IDE support was added to the client branch, but the client branch is on hold. There were many changes in the client branch that are needed going forward. The code at the head of the client branch was copied over to the IDE branch, and the client code either deleted or removed from the build.
* Renamed the server key files to indicate they are rsa keys.
* Add ecc key files for the server.
* Move ProcessBuffer from ssh.c to internal.c.
* Remove #includes for headers from files that are not used.
* Added support for KEX algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
* Updated readme
* Added support for the public key algorithm ecdsa-sha2-nistp256.
* Added support for public key algorithms ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521.
* The Key Algorithm list for the KEX picks a single value to offer based on the private key used.
* Added private keys on curves nistp384 and nistp521. The curve nistp256 is used as the default.
* Added the new ecc keys to include.am
Filled out the message handling for the DH-GEX additional messages. To use
the DH-GEX, one needs to add the flag TEST_GEX. It is still a WIP. The
handshake state machine needs a change and the start of the hash calculation
needs to wait until receiving the client's KEX INIT message and the hash
type for the handshake signature can be resolved.
1. Added support for the wc_Hash wrappers. Need to keep track of the
hash being used.
2. Assumed SHA1 only, and modified everything to use the hash wrappers.
1. Add the banner to the WOLFSSH_CTX.
2. Moved the canned banner to be a debug option.
3. Default the banner to NULL of zero length.
4. Use the banner stored in the WOLFSSH_CTX.
5. Add an accessor to set the banner to a C string.
1. Added parsing of the Global Request message. Will log the request
name string.
2. Send global request failure response if reply is requested.
(This was an issue with a particular SSH client.)
client version string.
2. Shrink the receive buffer after reading the client version
string.
3. Resize the buffer correctly when needed data is already in the input
buffer and grab the remainder as expected.
1. Flushing out the keying state machine, taking it out of the accept
state machine.
2. Changed the HandshakeInfo record to be something that can be
recreated post-initial connection for rekeying.
3. Fixed the name of a previously unused size variable.
4. Moved some constants around.
1. Add stub rekey trigger function.
2. Add new default highwater callback that calls the rekey trigger
function.
3. Rename the highwater level as "mark" rather than "count".
4. Add a flag to call the highwater callback once, cleared when the
txCount is cleared when sending new keys message to peer.
5. Add new state machine for key exchange.
6. Start massaging the accept state machine for new KEX machine.
7. Update some default sizes, and replace magic numbers with named
constants.
8. Scale back the accept state machine to add in the KEX state
machine.
9. Capture the client version string and the server's KEX init message
for rekeying.
10. Add compiler flag to allow "none" as a user auth method.
1. Implemented the RSA key generation wrapper function.
2. Rearrange the unit test code.
3. Added RSA key generation wrapper function to unit test.
4. Removed certificate load from echoserver.
5. Not using certificates, removed the functions and storage.
6. Removed unused certificate files.
7. Renamed certs directory as keys.
8. Removed the example server from the build for now.
9. Created new server key with the RSA key generation function.
10. Add IDs for public keys for keygen use.
11. Whitespace cleanup.
2. Separate sets of keys for client and server.
3. Store generated keys in handshake info record.
4. Copy session keys over when sending and receiving the
New Keys message.
2. Changed logging of authentication requests.
3. Reply to "none" authentication types with a failure that
has the supported auth type list.
4. Fixed bug where passing payload to the DoUserAuthRequest wasn't
getting the correct payload length.
5. Reordered a couple utility functions.
2. Removed some outdated/incorrect comments.
3. Removed some of the debugging output clutter.
4. Fixed bug when trying to add multiple messages to a single packet.
1. Moved SendNewKeys() to SendKexDhReply() so both messages are sent
in the same packet.
2. Accept state machine checks return codes on Send functions.
3. Added a couple new states for some of the Send functions.
2. Fixed bug in DoPacket() that didn't increment the peer's packet sequence.
3. Fixed bug in Decrypt() where the AesCbcDecrypt case dropped through into error.
4. Refactoring the accept state machine.
5. Separating client and server block and MAC sizes.
6. Added client MAC checking.
7. Fixed bug where algorithm picking preferred server order over client.
8. Fixed bug where the algorithm list matching was checking out of bounds.
Jacob Barthelmeh
Chris Conlon
John Safranek
dgarske