Skip to content

Commit ce28fc0

Browse files
dgarskedgarske
authored
Merge pull request #890 from ejohnstown/rsa-sha512
Client rsa-sha2-512
2 parents 7bb193e + f85ec92 commit ce28fc0

File tree

3 files changed

+57
-62
lines changed

3 files changed

+57
-62
lines changed

examples/client/client.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -854,7 +854,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
854854
err_sys("Couldn't create wolfSSH client context.");
855855

856856
if (keyList) {
857-
if (wolfSSH_CTX_SetAlgoListKey(ctx, NULL) != WS_SUCCESS) {
857+
if (wolfSSH_CTX_SetAlgoListKey(ctx, keyList) != WS_SUCCESS) {
858858
err_sys("Error setting key list.\n");
859859
}
860860
}

src/internal.c

Lines changed: 50 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -943,7 +943,7 @@ static const char cannedKeyAlgoNames[] =
943943
"rsa-sha2-256,"
944944
#endif/* WOLFSSH_NO_RSA_SHA2_256 */
945945
#ifndef WOLFSSH_NO_RSA_SHA2_512
946-
"rsa-sha2-512",
946+
"rsa-sha2-512,"
947947
#endif /* WOLFSSH_NO_RSA_SHA2_512 */
948948
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
949949
"ecdsa-sha2-nistp256,"
@@ -1403,19 +1403,19 @@ void SshResourceFree(WOLFSSH* ssh, void* heap)
14031403
void wolfSSH_KEY_clean(WS_KeySignature* key)
14041404
{
14051405
if (key != NULL) {
1406-
if (key->keySigId == ID_SSH_RSA) {
1406+
if (key->keyId == ID_SSH_RSA) {
14071407
#ifndef WOLFSSH_NO_RSA
14081408
wc_FreeRsaKey(&key->ks.rsa.key);
14091409
#endif
14101410
}
1411-
else if (key->keySigId == ID_ED25519) {
1411+
else if (key->keyId == ID_ED25519) {
14121412
#ifndef WOLFSSH_NO_ED25519
14131413
wc_ed25519_free(&key->ks.ed25519.key);
14141414
#endif
14151415
}
1416-
else if (key->keySigId == ID_ECDSA_SHA2_NISTP256 ||
1417-
key->keySigId == ID_ECDSA_SHA2_NISTP384 ||
1418-
key->keySigId == ID_ECDSA_SHA2_NISTP521) {
1416+
else if (key->keyId == ID_ECDSA_SHA2_NISTP256 ||
1417+
key->keyId == ID_ECDSA_SHA2_NISTP384 ||
1418+
key->keyId == ID_ECDSA_SHA2_NISTP521) {
14191419
#ifndef WOLFSSH_NO_ECDSA
14201420
wc_ecc_free(&key->ks.ecc.key);
14211421
#endif
@@ -1456,11 +1456,11 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap,
14561456
}
14571457
else {
14581458
WMEMSET(key, 0, sizeof(*key));
1459-
key->keySigId = ID_UNKNOWN;
1459+
key->keyId = ID_UNKNOWN;
14601460

14611461
#ifndef WOLFSSH_NO_RSA
14621462
/* Check RSA key */
1463-
if (key->keySigId == ID_UNKNOWN) {
1463+
if (key->keyId == ID_UNKNOWN) {
14641464
idx = 0;
14651465
ret = wc_InitRsaKey(&key->ks.rsa.key, NULL);
14661466

@@ -1476,14 +1476,14 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap,
14761476

14771477
/* If decode was successful, this is an RSA key. */
14781478
if (ret == 0) {
1479-
key->keySigId = ID_SSH_RSA;
1479+
key->keyId = ID_SSH_RSA;
14801480
}
14811481
}
14821482
}
14831483
#endif /* WOLFSSH_NO_RSA */
14841484
#ifndef WOLFSSH_NO_ECDSA
14851485
/* Check ECDSA key */
1486-
if (key->keySigId == ID_UNKNOWN) {
1486+
if (key->keyId == ID_UNKNOWN) {
14871487
idx = 0;
14881488
ret = wc_ecc_init_ex(&key->ks.ecc.key, heap, INVALID_DEVID);
14891489

@@ -1501,21 +1501,21 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap,
15011501
if (ret == 0) {
15021502
switch (wc_ecc_get_curve_id(key->ks.ecc.key.idx)) {
15031503
case ECC_SECP256R1:
1504-
key->keySigId = ID_ECDSA_SHA2_NISTP256;
1504+
key->keyId = ID_ECDSA_SHA2_NISTP256;
15051505
break;
15061506
case ECC_SECP384R1:
1507-
key->keySigId = ID_ECDSA_SHA2_NISTP384;
1507+
key->keyId = ID_ECDSA_SHA2_NISTP384;
15081508
break;
15091509
case ECC_SECP521R1:
1510-
key->keySigId = ID_ECDSA_SHA2_NISTP521;
1510+
key->keyId = ID_ECDSA_SHA2_NISTP521;
15111511
break;
15121512
}
15131513
}
15141514
}
15151515
}
15161516
#endif /* WOLFSSH_NO_ECDSA */
15171517
#if !defined(WOLFSSH_NO_ED25519)
1518-
if (key->keySigId == ID_UNKNOWN) {
1518+
if (key->keyId == ID_UNKNOWN) {
15191519
idx = 0;
15201520
ret = wc_ed25519_init_ex(&key->ks.ed25519.key, heap, INVALID_DEVID);
15211521

@@ -1532,17 +1532,17 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap,
15321532

15331533
/* If decode was successful, this is a Ed25519 key. */
15341534
if (ret == 0)
1535-
key->keySigId = ID_ED25519;
1535+
key->keyId = ID_ED25519;
15361536
}
15371537
#endif /* WOLFSSH_NO_ED25519 */
15381538

1539-
if (key->keySigId == ID_UNKNOWN) {
1539+
if (key->keyId == ID_UNKNOWN) {
15401540
ret = WS_UNIMPLEMENTED_E;
15411541
}
15421542
else {
15431543
if (pkey != NULL)
15441544
*pkey = key;
1545-
ret = key->keySigId;
1545+
ret = key->keyId;
15461546
}
15471547

15481548
/* if not returning key then free it */
@@ -1916,7 +1916,7 @@ static int GetOpenSshKey(WS_KeySignature *key,
19161916
str, strSz, &subIdx);
19171917
if (ret == WS_SUCCESS) {
19181918
keyId = NameToId((const char*)subStr, subStrSz);
1919-
key->keySigId = keyId;
1919+
key->keyId = keyId;
19201920
}
19211921
if (ret == WS_SUCCESS) {
19221922
switch (keyId) {
@@ -2004,14 +2004,14 @@ int IdentifyOpenSshKey(const byte* in, word32 inSz, void* heap)
20042004
else {
20052005
WMEMSET(key, 0, sizeof(*key));
20062006
key->heap = heap;
2007-
key->keySigId = ID_NONE;
2007+
key->keyId = ID_NONE;
20082008

20092009
ret = GetOpenSshKey(key, in, inSz, &idx);
20102010

20112011
if (ret == WS_SUCCESS) {
2012-
ret = key->keySigId;
2012+
ret = key->keyId;
20132013
}
2014-
else if (key->keySigId == ID_UNKNOWN) {
2014+
else if (key->keyId == ID_UNKNOWN) {
20152015
ret = WS_UNIMPLEMENTED_E;
20162016
}
20172017

@@ -14044,7 +14044,7 @@ static int BuildUserAuthRequestRsa(WOLFSSH* ssh,
1404414044
begin = *idx;
1404514045

1404614046
if (ret == WS_SUCCESS) {
14047-
hashId = HashForId(keySig->keySigId);
14047+
hashId = HashForId(keySig->sigId);
1404814048
if (hashId == WC_HASH_TYPE_NONE)
1404914049
ret = WS_INVALID_ALGO_ID;
1405014050
}
@@ -14102,7 +14102,7 @@ static int BuildUserAuthRequestRsa(WOLFSSH* ssh,
1410214102
byte encDigest[MAX_ENCODED_SIG_SZ];
1410314103
int encDigestSz;
1410414104

14105-
switch (keySig->keySigId) {
14105+
switch (keySig->sigId) {
1410614106
#ifndef WOLFSSH_NO_SSH_RSA_SHA1
1410714107
case ID_SSH_RSA:
1410814108
names = cannedKeyAlgoSshRsaNames;
@@ -14273,7 +14273,7 @@ static int BuildUserAuthRequestRsaCert(WOLFSSH* ssh,
1427314273

1427414274
if (ret == WS_SUCCESS) {
1427514275
begin = *idx;
14276-
hashId = HashForId(keySig->keySigId);
14276+
hashId = HashForId(keySig->sigId);
1427714277
if (hashId == WC_HASH_TYPE_NONE)
1427814278
ret = WS_INVALID_ALGO_ID;
1427914279
WLOG(WS_LOG_DEBUG, "HashForId = %d, ret = %d", hashId, ret);
@@ -14508,7 +14508,7 @@ static int BuildUserAuthRequestEcc(WOLFSSH* ssh,
1450814508
begin = *idx;
1450914509

1451014510
if (ret == WS_SUCCESS) {
14511-
hashId = HashForId(keySig->keySigId);
14511+
hashId = HashForId(keySig->sigId);
1451214512
WMEMSET(digest, 0, sizeof(digest));
1451314513
digestSz = wc_HashGetDigestSize(hashId);
1451414514
checkDataSz = LENGTH_SZ + ssh->sessionIdSz + (begin - sigStartIdx);
@@ -14574,7 +14574,7 @@ static int BuildUserAuthRequestEcc(WOLFSSH* ssh,
1457414574
rPad = (r_ptr[0] & 0x80) ? 1 : 0;
1457514575
sPad = (s_ptr[0] & 0x80) ? 1 : 0;
1457614576

14577-
switch (keySig->keySigId) {
14577+
switch (keySig->sigId) {
1457814578
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
1457914579
case ID_ECDSA_SHA2_NISTP256:
1458014580
names = cannedKeyAlgoEcc256Names;
@@ -14746,7 +14746,7 @@ static int BuildUserAuthRequestEccCert(WOLFSSH* ssh,
1474614746
begin = *idx;
1474714747

1474814748
if (ret == WS_SUCCESS) {
14749-
hashId = HashForId(keySig->keySigId);
14749+
hashId = HashForId(keySig->sigId);
1475014750
WMEMSET(digest, 0, sizeof(digest));
1475114751
digestSz = wc_HashGetDigestSize(hashId);
1475214752
checkDataSz = LENGTH_SZ + ssh->sessionIdSz + (begin - sigStartIdx);
@@ -14817,7 +14817,7 @@ static int BuildUserAuthRequestEccCert(WOLFSSH* ssh,
1481714817
rPad = (r[0] & 0x80) ? 1 : 0;
1481814818
sPad = (s[0] & 0x80) ? 1 : 0;
1481914819

14820-
switch (keySig->keySigId) {
14820+
switch (keySig->sigId) {
1482114821
#ifndef WOLFSSH_NO_ECDSA_SHA2_NISTP256
1482214822
case ID_ECDSA_SHA2_NISTP256:
1482314823
names = cannedKeyAlgoEcc256Names;
@@ -15080,13 +15080,17 @@ static int PrepareUserAuthRequestPublicKey(WOLFSSH* ssh, word32* payloadSz,
1508015080
}
1508115081

1508215082
if (ret == WS_SUCCESS) {
15083-
byte keyId, matchId, algoId[4];
15083+
byte matchId, algoId[4];
1508415084
word32 algoIdSz = 0;
1508515085

15086-
keyId = NameToId(
15086+
keySig->keyId = NameToId(
1508715087
(const char*)authData->sf.publicKey.publicKeyType,
1508815088
authData->sf.publicKey.publicKeyTypeSz);
15089-
if (keyId == ID_SSH_RSA) {
15089+
keySig->keyName = (const char*)authData->sf.publicKey.publicKeyType;
15090+
keySig->keyNameSz = authData->sf.publicKey.publicKeyTypeSz;
15091+
/* Typically a 1:1 match of key type to signature type. RSA uses
15092+
* a key type of ssh-rsa, but different signature types. */
15093+
if (keySig->keyId == ID_SSH_RSA) {
1509015094
#ifndef WOLFSSH_NO_RSA_SHA2_512
1509115095
algoId[algoIdSz++] = ID_RSA_SHA2_512;
1509215096
#endif
@@ -15099,7 +15103,7 @@ static int PrepareUserAuthRequestPublicKey(WOLFSSH* ssh, word32* payloadSz,
1509915103
#endif
1510015104
}
1510115105
else {
15102-
algoId[algoIdSz++] = keyId;
15106+
algoId[algoIdSz++] = keySig->keyId;
1510315107
}
1510415108

1510515109
/* Is that in the peerSigId list? */
@@ -15108,23 +15112,21 @@ static int PrepareUserAuthRequestPublicKey(WOLFSSH* ssh, word32* payloadSz,
1510815112
if (matchId == ID_UNKNOWN) {
1510915113
ret = WS_MATCH_KEY_ALGO_E;
1511015114
}
15111-
keySig->keySigId = matchId;
15112-
keySig->name = IdToName(matchId);
15113-
keySig->nameSz = (word32)WSTRLEN(keySig->name);
15115+
keySig->sigId = matchId;
15116+
keySig->sigName = IdToName(matchId);
15117+
keySig->sigNameSz = (word32)WSTRLEN(keySig->sigName);
1511415118
}
1511515119

1511615120
if (ret == WS_SUCCESS) {
1511715121
/* Add the boolean size to the payload, and the lengths of
1511815122
* the public key algorithm name, and the public key length.
1511915123
* For the X509 types, this accounts for ONLY one certificate.*/
1512015124
*payloadSz += BOOLEAN_SZ + (LENGTH_SZ * 2) +
15121-
keySig->nameSz + authData->sf.publicKey.publicKeySz;
15125+
keySig->sigNameSz + authData->sf.publicKey.publicKeySz;
1512215126

15123-
switch (keySig->keySigId) {
15127+
switch (keySig->keyId) {
1512415128
#ifndef WOLFSSH_NO_RSA
1512515129
case ID_SSH_RSA:
15126-
case ID_RSA_SHA2_256:
15127-
case ID_RSA_SHA2_512:
1512815130
ret = PrepareUserAuthRequestRsa(ssh,
1512915131
payloadSz, authData, keySig);
1513015132
break;
@@ -15190,22 +15192,21 @@ static int BuildUserAuthRequestPublicKey(WOLFSSH* ssh,
1519015192

1519115193
if (pk->hasSignature) {
1519215194
WLOG(WS_LOG_DEBUG, "User signature type: %s",
15193-
IdToName(keySig->keySigId));
15195+
IdToName(keySig->sigId));
1519415196

15195-
switch (keySig->keySigId) {
15197+
switch (keySig->sigId) {
1519615198
#ifndef WOLFSSH_NO_RSA
1519715199
case ID_SSH_RSA:
1519815200
case ID_RSA_SHA2_256:
1519915201
case ID_RSA_SHA2_512:
15200-
c32toa(keySig->nameSz, output + begin);
15202+
c32toa(keySig->sigNameSz, output + begin);
1520115203
begin += LENGTH_SZ;
15202-
WMEMCPY(output + begin, keySig->name, keySig->nameSz);
15203-
begin += keySig->nameSz;
15204+
WMEMCPY(output + begin, keySig->sigName, keySig->sigNameSz);
15205+
begin += keySig->sigNameSz;
1520415206
c32toa(pk->publicKeySz, output + begin);
1520515207
begin += LENGTH_SZ;
1520615208
WMEMCPY(output + begin, pk->publicKey, pk->publicKeySz);
1520715209
begin += pk->publicKeySz;
15208-
keySig->keySigId = ID_RSA_SHA2_256;
1520915210
ret = BuildUserAuthRequestRsa(ssh, output, &begin,
1521015211
authData, sigStart, sigStartIdx, keySig);
1521115212
break;
@@ -15218,7 +15219,7 @@ static int BuildUserAuthRequestPublicKey(WOLFSSH* ssh,
1521815219
pk->publicKeyType, pk->publicKeyTypeSz);
1521915220
begin += pk->publicKeyTypeSz;
1522015221

15221-
ret = BuildRFC6187Info(ssh, keySig->keySigId,
15222+
ret = BuildRFC6187Info(ssh, keySig->keyId,
1522215223
pk->publicKey, pk->publicKeySz, NULL, 0,
1522315224
output, &ssh->outputBuffer.bufferSz, &begin);
1522415225
if (ret == WS_SUCCESS) {
@@ -15256,7 +15257,7 @@ static int BuildUserAuthRequestPublicKey(WOLFSSH* ssh,
1525615257
begin += pk->publicKeyTypeSz;
1525715258

1525815259
/* build RFC6178 public key to send */
15259-
ret = BuildRFC6187Info(ssh, keySig->keySigId,
15260+
ret = BuildRFC6187Info(ssh, keySig->keyId,
1526015261
pk->publicKey, pk->publicKeySz, NULL, 0,
1526115262
output, &ssh->outputBuffer.bufferSz, &begin);
1526215263
if (ret == WS_SUCCESS) {
@@ -15424,7 +15425,8 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authType, int addSig)
1542415425
WMEMSET(&authData, 0, sizeof(authData));
1542515426
if (ret == WS_SUCCESS) {
1542615427
WMEMSET(keySig_ptr, 0, sizeof(WS_KeySignature));
15427-
keySig_ptr->keySigId = ID_NONE;
15428+
keySig_ptr->keyId = ID_NONE;
15429+
keySig_ptr->sigId = ID_NONE;
1542815430
keySig_ptr->heap = ssh->ctx->heap;
1542915431

1543015432
#ifdef WOLFSSH_KEYBOARD_INTERACTIVE

wolfssh/internal.h

Lines changed: 6 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -72,16 +72,6 @@ extern "C" {
7272
#endif
7373

7474

75-
/*
76-
* Not ready for rsa-sha2-512 yet.
77-
*/
78-
79-
#undef WOLFSSH_NO_RSA_SHA2_512
80-
#ifndef WOLFSSH_YES_RSA_SHA2_512
81-
#define WOLFSSH_NO_RSA_SHA2_512
82-
#endif
83-
84-
8575
/*
8676
* Check options set by wolfSSL and set wolfSSH options as appropriate. If
8777
* the derived options and any override options leave wolfSSH without
@@ -1011,11 +1001,14 @@ WOLFSSH_LOCAL int wolfSSH_FwdWorker(WOLFSSH*);
10111001

10121002

10131003
typedef struct WS_KeySignature {
1014-
byte keySigId;
1004+
byte keyId;
1005+
byte sigId;
10151006
word32 sigSz;
1016-
const char *name;
1007+
const char *keyName;
1008+
const char *sigName;
10171009
void *heap;
1018-
word32 nameSz;
1010+
word32 keyNameSz;
1011+
word32 sigNameSz;
10191012
union {
10201013
#ifndef WOLFSSH_NO_RSA
10211014
struct {

0 commit comments

Comments
 (0)