wolfssh/internal.h@0:c4152c628df5, 2019-11-25 (annotated)
- Committer:
- sPymbed
- Date:
- Mon Nov 25 14:24:05 2019 +0000
- Revision:
- 0:c4152c628df5
first commit
sPymbed | 0:c4152c628df5 | 1 | /* internal.h |
sPymbed | 0:c4152c628df5 | 2 | * |
sPymbed | 0:c4152c628df5 | 3 | * Copyright (C) 2014-2016 wolfSSL Inc. |
sPymbed | 0:c4152c628df5 | 4 | * |
sPymbed | 0:c4152c628df5 | 5 | * This file is part of wolfSSH. |
sPymbed | 0:c4152c628df5 | 6 | * |
sPymbed | 0:c4152c628df5 | 7 | * wolfSSH is free software; you can redistribute it and/or modify |
sPymbed | 0:c4152c628df5 | 8 | * it under the terms of the GNU General Public License as published by |
sPymbed | 0:c4152c628df5 | 9 | * the Free Software Foundation; either version 3 of the License, or |
sPymbed | 0:c4152c628df5 | 10 | * (at your option) any later version. |
sPymbed | 0:c4152c628df5 | 11 | * |
sPymbed | 0:c4152c628df5 | 12 | * wolfSSH is distributed in the hope that it will be useful, |
sPymbed | 0:c4152c628df5 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
sPymbed | 0:c4152c628df5 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
sPymbed | 0:c4152c628df5 | 15 | * GNU General Public License for more details. |
sPymbed | 0:c4152c628df5 | 16 | * |
sPymbed | 0:c4152c628df5 | 17 | * You should have received a copy of the GNU General Public License |
sPymbed | 0:c4152c628df5 | 18 | * along with wolfSSH. If not, see <http://www.gnu.org/licenses/>. |
sPymbed | 0:c4152c628df5 | 19 | */ |
sPymbed | 0:c4152c628df5 | 20 | |
sPymbed | 0:c4152c628df5 | 21 | |
sPymbed | 0:c4152c628df5 | 22 | /* |
sPymbed | 0:c4152c628df5 | 23 | * The internal module contains the private data and functions. The public |
sPymbed | 0:c4152c628df5 | 24 | * API calls into this module to do the work of processing the connections. |
sPymbed | 0:c4152c628df5 | 25 | */ |
sPymbed | 0:c4152c628df5 | 26 | |
sPymbed | 0:c4152c628df5 | 27 | |
sPymbed | 0:c4152c628df5 | 28 | #pragma once |
sPymbed | 0:c4152c628df5 | 29 | |
sPymbed | 0:c4152c628df5 | 30 | #include <wolfssh/ssh.h> |
sPymbed | 0:c4152c628df5 | 31 | #include <wolfcrypt/hash.h> |
sPymbed | 0:c4152c628df5 | 32 | #include <wolfcrypt/random.h> |
sPymbed | 0:c4152c628df5 | 33 | #include <wolfcrypt/aes.h> |
sPymbed | 0:c4152c628df5 | 34 | #include <wolfcrypt/dh.h> |
sPymbed | 0:c4152c628df5 | 35 | #include <wolfcrypt/ecc.h> |
sPymbed | 0:c4152c628df5 | 36 | |
sPymbed | 0:c4152c628df5 | 37 | |
/* ALIGN16: force 16-byte alignment on a declaration. It is applied to the
 * in-struct AES block buffer (Buffer.staticBuffer below). On compilers that
 * are neither GCC-compatible nor MSVC it expands to nothing, so on such
 * targets the AES code is presumably handed an unaligned buffer - confirm
 * that the wolfCrypt build in use tolerates that. */
#if !defined (ALIGN16)
#if defined (__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! (C4324: structure was padded
 * due to alignment specifier; this pragma leaks out of the header to every
 * including translation unit) */
#pragma warning(disable: 4324)
#define ALIGN16 __declspec (align (16))
#else
#define ALIGN16
#endif
#endif
sPymbed | 0:c4152c628df5 | 49 | |
sPymbed | 0:c4152c628df5 | 50 | |
sPymbed | 0:c4152c628df5 | 51 | #ifdef __cplusplus |
sPymbed | 0:c4152c628df5 | 52 | extern "C" { |
sPymbed | 0:c4152c628df5 | 53 | #endif |
sPymbed | 0:c4152c628df5 | 54 | |
sPymbed | 0:c4152c628df5 | 55 | |
/* Map a wolfSSH error code to a static, human-readable string. Intended for
 * local logging; the text should not be copied into protocol messages sent
 * to an unauthenticated peer. */
WOLFSSH_LOCAL const char* GetErrorString(int);
sPymbed | 0:c4152c628df5 | 57 | |
sPymbed | 0:c4152c628df5 | 58 | |
/* Internal identifiers for the negotiated algorithms, services, user-auth
 * methods and channel types. They are converted to and from the SSH
 * name-list strings by NameToId()/IdToName() below and are NOT wire values.
 * The values are implicit, so inserting an entry renumbers everything that
 * follows it - any persisted or hard-coded numeric use would break. */
enum {
    /* Any of the items can be none. */
    ID_NONE,

    /* Encryption IDs */
    ID_AES128_CBC,    /* CBC mode over SSH has well-known plaintext-recovery
                       * weaknesses (the 2008 CBC/SSH attack); keep it for
                       * legacy peers only and prefer GCM where available. */
    ID_AES128_GCM,    /* AEAD: the MAC is integral to the cipher, see
                       * aeadMode in HandshakeInfo/WOLFSSH. */

    /* Integrity IDs */
    ID_HMAC_SHA1,     /* 20-byte tag */
    ID_HMAC_SHA1_96,  /* tag truncated to SHA1_96_SZ (12) bytes; weakest option here */
    ID_HMAC_SHA2_256, /* 32-byte tag, the largest (MAX_HMAC_SZ) supported */

    /* Key Exchange IDs */
    ID_DH_GROUP1_SHA1,   /* 1024-bit Oakley group 2; too small by current
                          * guidance, legacy-compat only */
    ID_DH_GROUP14_SHA1,  /* 2048-bit group, SHA-1 exchange hash */
    ID_DH_GEX_SHA256,    /* group-exchange; group sizes negotiated via the
                          * dhGex*Sz fields of HandshakeInfo */
    ID_ECDH_SHA2_NISTP256,
    ID_ECDH_SHA2_NISTP384,
    ID_ECDH_SHA2_NISTP521,

    /* Public Key IDs */
    ID_SSH_RSA,               /* "ssh-rsa": RSA with SHA-1 signatures */
    ID_ECDSA_SHA2_NISTP256,
    ID_ECDSA_SHA2_NISTP384,
    ID_ECDSA_SHA2_NISTP521,

    /* Service IDs */
    ID_SERVICE_USERAUTH,
    ID_SERVICE_CONNECTION,

    /* UserAuth IDs */
    ID_USERAUTH_PASSWORD,
    ID_USERAUTH_PUBLICKEY,

    /* Channel Type IDs */
    ID_CHANTYPE_SESSION,

    ID_UNKNOWN  /* presumably what NameToId() yields for an unrecognised
                 * name - confirm against internal.c */
};
sPymbed | 0:c4152c628df5 | 99 | |
sPymbed | 0:c4152c628df5 | 100 | |
/* NOTE(review): these four counts do not match the number of IDs declared
 * in the enum above (2 encryption, 3 integrity, 6 key-exchange and 4
 * public-key IDs are listed). Whatever array or name-list they size must be
 * checked against the algorithms actually advertised, or a longer list will
 * overrun it. */
#define MAX_ENCRYPTION 3
#define MAX_INTEGRITY 2
#define MAX_KEY_EXCHANGE 2
#define MAX_PUBLIC_KEY 1
#define MAX_HMAC_SZ SHA256_DIGEST_SIZE  /* largest MAC tag / MAC key supported */
#define MIN_BLOCK_SZ 8                   /* RFC 4253 6: padding unit is max(8, cipher block) */
#define COOKIE_SZ 16                     /* KEXINIT random cookie; must come from the CSPRNG */
#define LENGTH_SZ 4                      /* packet_length field */
#define PAD_LENGTH_SZ 1                  /* padding_length field */
#define MIN_PAD_LENGTH 4                 /* RFC 4253 6: at least four bytes of padding */
#define BOOLEAN_SZ 1
#define MSG_ID_SZ 1
#define SHA1_96_SZ 12                    /* truncated tag length for hmac-sha1-96 */
#define UINT32_SZ 4
#define SSH_PROTO_SZ 7 /* "SSH-2.0" */
#define SSH_PROTO_EOL_SZ 2 /* Just the CRLF */
/* AES-GCM nonce layout (RFC 5647): 4-byte fixed part plus an 8-byte
 * invocation counter. The counter must advance for every packet and must
 * never be reset without new keys - a repeated nonce under GCM destroys
 * both confidentiality and integrity. */
#define AEAD_IMP_IV_SZ 4
#define AEAD_EXP_IV_SZ 8
#define AEAD_NONCE_SZ (AEAD_IMP_IV_SZ+AEAD_EXP_IV_SZ)
/* Byte count after which the highwater callback fires (compared against
 * txCount/rxCount in WOLFSSH). Just under 1 GiB, matching the RFC 4344
 * guidance to rekey after about 1 GiB; note it is a byte limit only and
 * does not bound the packet count, so seq/peerSeq wrap is a separate concern. */
#ifndef DEFAULT_HIGHWATER_MARK
#define DEFAULT_HIGHWATER_MARK ((1024 * 1024 * 1024) - (32 * 1024))
#endif
/* Channel flow-control defaults. The upstream wolfSSH values were a 1 MiB
 * window and a 16 KiB maximum packet; they are reduced here for the ESP32's
 * limited RAM. The maximum packet size is only a hard limit if the receive
 * path rejects oversized CHANNEL_DATA (RFC 4254 5.2) - confirm it does,
 * otherwise a peer can still force larger allocations. */
#ifndef DEFAULT_WINDOW_SZ
/* upstream default: (1024 * 1024) */
#define DEFAULT_WINDOW_SZ (8 * 1024) /* ESP32 doesn't have that much RAM */
#endif
#ifndef DEFAULT_MAX_PACKET_SZ
/* upstream default: (16 * 1024) */
#define DEFAULT_MAX_PACKET_SZ (2 * 1024) /* ESP32 doesn't have that much RAM */
#endif
/* First local channel number handed out by ChannelNew(). */
#ifndef DEFAULT_NEXT_CHANNEL
#define DEFAULT_NEXT_CHANNEL 0
#endif
sPymbed | 0:c4152c628df5 | 134 | |
sPymbed | 0:c4152c628df5 | 135 | |
/* Translate between SSH name-list strings and the ID enum above.
 * NameToId() takes the name and its explicit length because entries parsed
 * out of a peer's comma-separated name-list are not NUL-terminated; it must
 * never read past that length. IdToName() returns a static string. */
WOLFSSH_LOCAL byte NameToId(const char*, word32);
WOLFSSH_LOCAL const char* IdToName(byte);
sPymbed | 0:c4152c628df5 | 138 | |
sPymbed | 0:c4152c628df5 | 139 | |
#define STATIC_BUFFER_LEN AES_BLOCK_SIZE
/* This is one AES block size. We always grab one
 * block size first to decrypt to find the size of
 * the rest of the data.
 *
 * Security note: the packet_length recovered from that first decrypted
 * block is derived from attacker-controlled ciphertext. Before the buffer
 * is grown to that size the receive path must bound it (RFC 4253 6.1 allows
 * rejecting packets over 35000 bytes) and must fail in a way that does not
 * reveal whether the length check or the MAC check rejected the packet -
 * that distinction is exactly what the CBC plaintext-recovery attack uses. */
sPymbed | 0:c4152c628df5 | 144 | |
sPymbed | 0:c4152c628df5 | 145 | |
/* Growable byte buffer used for the I/O and channel queues.
 * Small payloads live in staticBuffer (one AES block, 16-byte aligned so it
 * can be decrypted in place); presumably GrowBuffer() moves to a heap
 * allocation when more room is needed and sets dynamicFlag so the release
 * path knows whether there is anything to free - confirm in internal.c.
 * Invariant expected by users: idx <= length <= bufferSz. */
typedef struct Buffer {
    void* heap; /* Heap for allocations */
    word32 length; /* total buffer length used */
    word32 idx; /* idx to part of length already consumed */
    byte* buffer; /* place holder for actual buffer; points at staticBuffer
                   * or at the heap block, depending on dynamicFlag */
    word32 bufferSz; /* current buffer size */
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    byte dynamicFlag; /* dynamic memory currently in use */
} Buffer;
sPymbed | 0:c4152c628df5 | 155 | |
sPymbed | 0:c4152c628df5 | 156 | |
/* Buffer lifecycle. BufferInit(buf, size, heap) prepares a buffer able to
 * hold at least `size` bytes; GrowBuffer(buf, size, usedSz) enlarges it,
 * and ShrinkBuffer(buf, forcedFree) releases the heap block. Growth is
 * driven by peer-supplied lengths, so GrowBuffer's callers must validate
 * the requested size first; the word32 arithmetic here does not trap on
 * overflow. Argument meanings are inferred from the names - confirm in
 * internal.c. */
WOLFSSH_LOCAL int BufferInit(Buffer*, word32, void*);
WOLFSSH_LOCAL int GrowBuffer(Buffer*, word32, word32);
WOLFSSH_LOCAL void ShrinkBuffer(Buffer* buf, int);
sPymbed | 0:c4152c628df5 | 160 | |
sPymbed | 0:c4152c628df5 | 161 | |
sPymbed | 0:c4152c628df5 | 162 | /* our wolfSSH Context */ |
/* our wolfSSH Context: configuration shared by every session created from
 * it (callbacks, host key, banner). Sessions hold a back-pointer to it, so
 * it must outlive them. */
struct WOLFSSH_CTX {
    void* heap; /* heap hint */
    WS_CallbackIORecv ioRecvCb; /* I/O Receive Callback */
    WS_CallbackIOSend ioSendCb; /* I/O Send Callback */
    WS_CallbackUserAuth userAuthCb; /* User Authentication Callback: the
                                     * application's password / public-key
                                     * decision lives entirely behind this */
    WS_CallbackHighwater highwaterCb; /* Data Highwater Mark Callback */

    byte* privateKey; /* Owned by CTX. Host private key material: it should
                       * be wiped, not merely freed, in CtxResourceFree() -
                       * confirm */
    word32 privateKeySz;
    byte useEcc; /* Depends on the private key */
    word32 highwaterMark; /* copied into each session as its rekey trigger */
    const char* banner; /* pre-auth banner text; not owned (const) */
    word32 bannerSz;
    byte side; /* client or server */
    byte showBanner;
};
sPymbed | 0:c4152c628df5 | 179 | |
sPymbed | 0:c4152c628df5 | 180 | |
/* Per-direction cipher state. Only AES is supported (both the CBC and the
 * GCM IDs above run on this one wolfCrypt Aes object). */
typedef struct Ciphers {
    Aes aes;
} Ciphers;
sPymbed | 0:c4152c628df5 | 184 | |
sPymbed | 0:c4152c628df5 | 185 | |
/* One direction's derived session keys (RFC 4253 7.2). All three arrays are
 * secret material and should be zeroised when the owning session or
 * handshake is torn down. Sizes: encKey is one AES block (16 bytes), so only
 * 128-bit AES keys fit, consistent with the two AES-128 IDs above; iv is 16
 * bytes although GCM uses only AEAD_NONCE_SZ (12) of it; macKey is at most
 * MAX_HMAC_SZ. The *Sz fields record how many bytes are actually in use. */
typedef struct Keys {
    byte iv[AES_BLOCK_SIZE];
    byte ivSz;
    byte encKey[AES_BLOCK_SIZE];
    byte encKeySz;
    byte macKey[MAX_HMAC_SZ];
    byte macKeySz;
} Keys;
sPymbed | 0:c4152c628df5 | 194 | |
sPymbed | 0:c4152c628df5 | 195 | |
/* State that exists only while a key exchange (initial or rekey) is in
 * flight; WOLFSSH.handshake points at it. It holds the ephemeral private
 * key and the not-yet-activated keys, so it should be wiped before release. */
typedef struct HandshakeInfo {
    byte kexId;      /* negotiated ID_* values for this exchange */
    byte pubKeyId;
    byte encryptId;
    byte macId;
    byte hashId;     /* hash used for the exchange hash / key derivation */
    byte kexPacketFollows; /* first_kex_packet_follows flag from KEXINIT
                            * (RFC 4253 7.1): a guessed kex packet must be
                            * discarded if the guess was wrong */
    byte aeadMode;

    byte blockSz;
    byte macSz;

    Keys keys;     /* our new keys, activated on NEWKEYS */
    Keys peerKeys; /* peer's new keys, activated on peer's NEWKEYS */
    wc_HashAlg hash;
    /* NOTE(review): e, x (and k in WOLFSSH) are 257 bytes, i.e. a 2048-bit
     * value plus a leading sign byte. That covers group1, group14 and every
     * ECDH point (P-521 needs 133), but a GEX group larger than 2048 bits
     * would not fit - the GEX request/group handling must cap the prime at
     * 256 bytes (primeGroupSz) before any of these buffers is filled. */
    byte e[257]; /* May have a leading zero for unsigned or is a Q_S value. */
    word32 eSz;
    byte x[257]; /* May have a leading zero, for unsigned. */
    word32 xSz;
    byte* kexInit;     /* presumably a saved copy of a KEXINIT payload for the
                        * exchange hash - confirm which side's */
    word32 kexInitSz;

    word32 dhGexMinSz;       /* DH group-exchange size negotiation (RFC 4419) */
    word32 dhGexPreferredSz;
    word32 dhGexMaxSz;
    byte* primeGroup;        /* GEX prime p and generator g; when received
                              * from the peer they must be validated before
                              * use, not merely size-checked */
    word32 primeGroupSz;
    byte* generator;
    word32 generatorSz;

    byte useEcc;   /* selects which member of privKey is live */
    union {
        DhKey dh;
        ecc_key ecc;
    } privKey;     /* ephemeral key-exchange private key */
} HandshakeInfo;
sPymbed | 0:c4152c628df5 | 232 | |
sPymbed | 0:c4152c628df5 | 233 | |
sPymbed | 0:c4152c628df5 | 234 | /* our wolfSSH session */ |
/* our wolfSSH session: one SSH transport connection and everything
 * negotiated on it. Contains long-lived secrets (keys, shared secret K,
 * user password) that should be zeroised in SshResourceFree(). */
struct WOLFSSH {
    WOLFSSH_CTX* ctx; /* owner context */
    int error;
    int rfd;
    int wfd;
    void* ioReadCtx; /* I/O Read Context handle */
    void* ioWriteCtx; /* I/O Write Context handle */
    int rflags; /* optional read flags */
    int wflags; /* optional write flags */
    word32 txCount;       /* bytes sent / received since the last keying;
                           * compared against highwaterMark */
    word32 rxCount;
    word32 highwaterMark;
    byte highwaterFlag; /* Set when highwater CB called */
    void* highwaterCtx;
    word32 curSz;
    /* Packet sequence numbers (RFC 4253 6.4): included in the MAC but
     * never transmitted. They are 32-bit and wrap; RFC 4344 requires a
     * rekey before 2^32 packets in either direction, which the byte-based
     * highwater mark alone does not guarantee - confirm where that is
     * enforced. */
    word32 seq;
    word32 peerSeq;
    word32 packetStartIdx; /* Current send packet start index */
    byte paddingSz; /* Current send packet padding size */
    byte acceptState;       /* see AcceptStates */
    byte connectState;      /* see ConnectStates */
    byte clientState;       /* see ClientStates */
    byte serverState;       /* see ServerStates */
    byte processReplyState; /* see ProcessReplyStates */
    byte isKeying;          /* a key exchange is in progress */

    byte connReset;
    byte isClosed;

    /* Currently active algorithm parameters, ours (send) and the peer's
     * (receive). These are the values in force after NEWKEYS; the pending
     * ones live in handshake-> until then. */
    byte blockSz;
    byte encryptId;
    byte macId;
    byte macSz;
    byte aeadMode;
    byte peerBlockSz;
    byte peerEncryptId;
    byte peerMacId;
    byte peerMacSz;
    byte peerAeadMode;

    Ciphers encryptCipher;
    Ciphers decryptCipher;

    word32 nextChannel;          /* next local channel number to allocate */
    WOLFSSH_CHANNEL* channelList;
    word32 channelListSz;
    word32 defaultPeerChannelId;

    Buffer inputBuffer;
    Buffer outputBuffer;
    WC_RNG* rng;   /* CSPRNG for cookies, padding and ephemeral keys */

    byte h[WC_MAX_DIGEST_SIZE];   /* exchange hash H of the latest kex */
    word32 hSz;
    byte k[257]; /* May have a leading zero, for unsigned. Shared secret K;
                  * same 2048-bit size limit as HandshakeInfo.e/x */
    word32 kSz;
    byte sessionId[WC_MAX_DIGEST_SIZE]; /* per RFC 4253 7.2 this is the H of
                                         * the first exchange and must stay
                                         * fixed across rekeys - confirm the
                                         * rekey path does not overwrite it */
    word32 sessionIdSz;

    Keys keys;
    Keys peerKeys;
    HandshakeInfo* handshake; /* non-NULL only while keying */

    void* userAuthCtx;
    char* userName;
    word32 userNameSz;
    char* password;    /* plaintext password from USERAUTH_REQUEST; wipe on free */
    word32 passwordSz;
    byte* pkBlob;      /* public key blob offered by the peer */
    word32 pkBlobSz;
    byte* peerProtoId; /* Save for rekey; the peer's version string is an
                        * input to the exchange hash */
    word32 peerProtoIdSz;
};
sPymbed | 0:c4152c628df5 | 308 | |
sPymbed | 0:c4152c628df5 | 309 | |
/* One SSH connection-layer channel (RFC 4254), kept in the session's singly
 * linked channelList. Window and packet limits are flow-control values:
 * ours are what we advertised to the peer, peer* are what the peer
 * advertised to us. RFC 4254 5.2 caps a window at 2^32-1, so window
 * adjustments must be checked for word32 overflow before being added, and
 * incoming data must be rejected if it exceeds windowSz or maxPacketSz. */
struct WOLFSSH_CHANNEL {
    byte channelType;        /* ID_CHANTYPE_* */
    word32 channel;          /* our channel number */
    word32 windowSz;         /* bytes the peer may still send us */
    word32 maxPacketSz;      /* largest CHANNEL_DATA we accept */
    word32 peerChannel;      /* peer's channel number, used in messages we send */
    word32 peerWindowSz;     /* bytes we may still send the peer */
    word32 peerMaxPacketSz;
    Buffer inputBuffer;      /* received channel data awaiting the application */
    struct WOLFSSH* ssh;     /* owning session */
    struct WOLFSSH_CHANNEL* next;
};
sPymbed | 0:c4152c628df5 | 322 | |
sPymbed | 0:c4152c628df5 | 323 | |
/* Context / session / channel lifecycle helpers behind the public API.
 * CtxInit(ctx, side, heap) and SshInit(ssh, ctx) initialise caller-provided
 * storage; CtxResourceFree() / SshResourceFree() release what they own
 * (the byte argument to CtxInit is presumably the side - confirm).
 * ChannelNew(ssh, type, windowSz, maxPacketSz) / ChannelUpdate(channel,
 * peerChannel, peerWindowSz, peerMaxPacketSz) take peer-supplied values and
 * should apply the RFC 4254 limits; ChannelFind/ChannelRemove(ssh, id, peer)
 * look a channel up by our or the peer's number depending on the flag.
 * ChannelPutData() appends received data to the channel's inputBuffer and
 * must enforce windowSz. wolfSSH_ProcessBuffer(ctx, buf, sz, format, type)
 * loads key material; the two ints are presumably an encoding and a
 * BUFTYPE_* value - confirm in ssh.c. */
WOLFSSH_LOCAL WOLFSSH_CTX* CtxInit(WOLFSSH_CTX*, byte, void*);
WOLFSSH_LOCAL void CtxResourceFree(WOLFSSH_CTX*);
WOLFSSH_LOCAL WOLFSSH* SshInit(WOLFSSH*, WOLFSSH_CTX*);
WOLFSSH_LOCAL void SshResourceFree(WOLFSSH*, void*);

WOLFSSH_LOCAL WOLFSSH_CHANNEL* ChannelNew(WOLFSSH*, byte, word32, word32);
WOLFSSH_LOCAL int ChannelUpdate(WOLFSSH_CHANNEL*, word32, word32, word32);
WOLFSSH_LOCAL void ChannelDelete(WOLFSSH_CHANNEL*, void*);
WOLFSSH_LOCAL WOLFSSH_CHANNEL* ChannelFind(WOLFSSH*, word32, byte);
WOLFSSH_LOCAL int ChannelRemove(WOLFSSH*, word32, byte);
WOLFSSH_LOCAL int ChannelPutData(WOLFSSH_CHANNEL*, byte*, word32);
WOLFSSH_LOCAL int wolfSSH_ProcessBuffer(WOLFSSH_CTX*,
const byte*, word32,
int, int);
sPymbed | 0:c4152c628df5 | 338 | |
sPymbed | 0:c4152c628df5 | 339 | |
#ifndef WOLFSSH_USER_IO

/* default I/O handlers: socket-backed implementations installed as
 * ctx->ioRecvCb / ctx->ioSendCb when the application does not supply its
 * own (WOLFSSH_USER_IO). Signature: (ssh, buf, sz, ctx), returning the byte
 * count or a negative error. */
WOLFSSH_LOCAL int wsEmbedRecv(WOLFSSH*, void*, word32, void*);
WOLFSSH_LOCAL int wsEmbedSend(WOLFSSH*, void*, word32, void*);

#endif /* WOLFSSH_USER_IO */
sPymbed | 0:c4152c628df5 | 347 | |
sPymbed | 0:c4152c628df5 | 348 | |
/* Protocol engine entry points. DoReceive() pulls and dispatches one
 * packet; DoProtoId() parses the peer's version line. The Send* functions
 * each build and transmit one message of the named type (RFC 4253/4252/
 * 4254). Every one of them must refuse to run before the state machine
 * reaches the appropriate phase: in particular nothing from the userauth
 * group should be processed or sent before ACCEPT_KEYED / CONNECT_KEYED,
 * and nothing from the channel group before userauth succeeded. */
WOLFSSH_LOCAL int DoReceive(WOLFSSH*);
WOLFSSH_LOCAL int DoProtoId(WOLFSSH*);
WOLFSSH_LOCAL int SendProtoId(WOLFSSH*);
/* transport / key exchange */
WOLFSSH_LOCAL int SendKexInit(WOLFSSH*);
WOLFSSH_LOCAL int SendKexDhInit(WOLFSSH*);
WOLFSSH_LOCAL int SendKexDhReply(WOLFSSH*);
WOLFSSH_LOCAL int SendKexDhGexRequest(WOLFSSH*);
WOLFSSH_LOCAL int SendKexDhGexGroup(WOLFSSH*);
WOLFSSH_LOCAL int SendNewKeys(WOLFSSH*);
WOLFSSH_LOCAL int SendUnimplemented(WOLFSSH*);
WOLFSSH_LOCAL int SendDisconnect(WOLFSSH*, word32);  /* word32: reason code */
WOLFSSH_LOCAL int SendIgnore(WOLFSSH*, const unsigned char*, word32);
WOLFSSH_LOCAL int SendDebug(WOLFSSH*, byte, const char*);
/* service / user authentication */
WOLFSSH_LOCAL int SendServiceRequest(WOLFSSH*, byte);
WOLFSSH_LOCAL int SendServiceAccept(WOLFSSH*, byte);
WOLFSSH_LOCAL int SendUserAuthRequest(WOLFSSH*, byte);
WOLFSSH_LOCAL int SendUserAuthSuccess(WOLFSSH*);
WOLFSSH_LOCAL int SendUserAuthFailure(WOLFSSH*, byte);
WOLFSSH_LOCAL int SendUserAuthBanner(WOLFSSH*);
WOLFSSH_LOCAL int SendUserAuthPkOk(WOLFSSH*, const byte*, word32,
const byte*, word32);
/* connection layer */
WOLFSSH_LOCAL int SendRequestSuccess(WOLFSSH*, int);
WOLFSSH_LOCAL int SendChannelOpenSession(WOLFSSH*, word32, word32);
WOLFSSH_LOCAL int SendChannelOpenConf(WOLFSSH*);
WOLFSSH_LOCAL int SendChannelEof(WOLFSSH*, word32);
WOLFSSH_LOCAL int SendChannelClose(WOLFSSH*, word32);
WOLFSSH_LOCAL int SendChannelData(WOLFSSH*, word32, byte*, word32);
WOLFSSH_LOCAL int SendChannelWindowAdjust(WOLFSSH*, word32, word32);
WOLFSSH_LOCAL int SendChannelRequestShell(WOLFSSH*);
WOLFSSH_LOCAL int SendChannelSuccess(WOLFSSH*, word32, int);
/* Session key derivation (RFC 4253 7.2): derives one key from the shared
 * secret K, exchange hash H, a key letter and the session id. The argument
 * order (hash id, key id, output + size, then three input + size pairs) is
 * inferred from the prototype - confirm against internal.c. The output
 * is secret material. */
WOLFSSH_LOCAL int GenerateKey(byte, byte, byte*, word32, const byte*, word32,
const byte*, word32, const byte*, word32);
sPymbed | 0:c4152c628df5 | 381 | |
sPymbed | 0:c4152c628df5 | 382 | |
/* Server-side progress of wolfSSH_accept(), stored in WOLFSSH.acceptState.
 * Values are implicit and ordered; code comparing states with < or > relies
 * on that order. ACCEPT_KEYED is the boundary before which no userauth or
 * channel message may be honoured. */
enum AcceptStates {
    ACCEPT_BEGIN = 0,
    ACCEPT_SERVER_VERSION_SENT,
    ACCEPT_CLIENT_VERSION_DONE,
    ACCEPT_SERVER_KEXINIT_SENT,
    ACCEPT_KEYED,
    ACCEPT_CLIENT_USERAUTH_REQUEST_DONE,
    ACCEPT_SERVER_USERAUTH_ACCEPT_SENT,
    ACCEPT_CLIENT_USERAUTH_DONE,
    ACCEPT_SERVER_USERAUTH_SENT,
    ACCEPT_CLIENT_CHANNEL_REQUEST_DONE,
    ACCEPT_SERVER_CHANNEL_ACCEPT_SENT
};
sPymbed | 0:c4152c628df5 | 396 | |
sPymbed | 0:c4152c628df5 | 397 | |
/* Client-side progress of wolfSSH_connect(), stored in WOLFSSH.connectState.
 * Mirrors AcceptStates from the other end of the connection; the sequence
 * ends with a session channel and a shell request. */
enum ConnectStates {
    CONNECT_BEGIN = 0,
    CONNECT_CLIENT_VERSION_SENT,
    CONNECT_SERVER_VERSION_DONE,
    CONNECT_CLIENT_KEXINIT_SENT,
    CONNECT_SERVER_KEXINIT_DONE,
    CONNECT_CLIENT_KEXDH_INIT_SENT,
    CONNECT_KEYED,
    CONNECT_CLIENT_USERAUTH_REQUEST_SENT,
    CONNECT_SERVER_USERAUTH_REQUEST_DONE,
    CONNECT_CLIENT_USERAUTH_SENT,
    CONNECT_SERVER_USERAUTH_ACCEPT_DONE,
    CONNECT_CLIENT_CHANNEL_OPEN_SESSION_SENT,
    CONNECT_SERVER_CHANNEL_OPEN_SESSION_DONE,
    CONNECT_CLIENT_CHANNEL_REQUEST_SHELL_SENT,
    CONNECT_SERVER_CHANNEL_REQUEST_SHELL_DONE
};
sPymbed | 0:c4152c628df5 | 415 | |
sPymbed | 0:c4152c628df5 | 416 | |
/* What the peer acting as client has completed, as observed by the packet
 * dispatcher (WOLFSSH.clientState). Used to reject messages that arrive out
 * of order. */
enum ClientStates {
    CLIENT_BEGIN = 0,
    CLIENT_VERSION_DONE,
    CLIENT_KEXINIT_DONE,
    CLIENT_KEXDH_INIT_DONE,
    CLIENT_USERAUTH_REQUEST_DONE,
    CLIENT_USERAUTH_DONE,
    CLIENT_DONE
};
sPymbed | 0:c4152c628df5 | 426 | |
sPymbed | 0:c4152c628df5 | 427 | |
/* What the peer acting as server has completed, as observed by the packet
 * dispatcher (WOLFSSH.serverState). */
enum ServerStates {
    SERVER_BEGIN = 0,
    SERVER_VERSION_DONE,
    SERVER_KEXINIT_DONE,
    SERVER_USERAUTH_REQUEST_DONE,
    SERVER_USERAUTH_ACCEPT_DONE,
    SERVER_CHANNEL_OPEN_DONE,
    SERVER_DONE
};
sPymbed | 0:c4152c628df5 | 437 | |
sPymbed | 0:c4152c628df5 | 438 | |
/* Sub-states of reading one binary packet (WOLFSSH.processReplyState):
 * decrypt the first block to learn the length, read the remainder, verify
 * and then dispatch. Presumably used by DoReceive() so a partial read can
 * resume without re-decrypting the first block - confirm. */
enum ProcessReplyStates {
    PROCESS_INIT,
    PROCESS_PACKET_LENGTH,
    PROCESS_PACKET_FINISH,
    PROCESS_PACKET
};
sPymbed | 0:c4152c628df5 | 445 | |
sPymbed | 0:c4152c628df5 | 446 | |
/* SSH message numbers (wire values, RFC 4250 4.1.2). Several numbers are
 * deliberately overloaded by the specs and must be interpreted according
 * to the negotiated context: 30/31 are KEXDH, KEXECDH or GEX depending on
 * the chosen kex (RFC 4419 reuses 31 for GEX_GROUP), and 60 is PK_OK or
 * PASSWD_CHANGEREQ depending on the userauth method in progress. The
 * dispatcher must therefore key on the current state, never on the number
 * alone. */
enum WS_MessageIds {
    MSGID_DISCONNECT = 1,
    MSGID_IGNORE = 2,
    MSGID_UNIMPLEMENTED = 3,
    MSGID_DEBUG = 4,
    MSGID_SERVICE_REQUEST = 5,
    MSGID_SERVICE_ACCEPT = 6,

    MSGID_KEXINIT = 20,
    MSGID_NEWKEYS = 21,

    MSGID_KEXDH_INIT = 30,
    MSGID_KEXECDH_INIT = 30,

    MSGID_KEXDH_REPLY = 31,
    MSGID_KEXECDH_REPLY = 31,
    MSGID_KEXDH_GEX_GROUP = 31,
    MSGID_KEXDH_GEX_INIT = 32,
    MSGID_KEXDH_GEX_REPLY = 33,
    MSGID_KEXDH_GEX_REQUEST = 34,

    MSGID_USERAUTH_REQUEST = 50,
    MSGID_USERAUTH_FAILURE = 51,
    MSGID_USERAUTH_SUCCESS = 52,
    MSGID_USERAUTH_BANNER = 53,
    MSGID_USERAUTH_PK_OK = 60, /* Public Key OK */
    MSGID_USERAUTH_PW_CHRQ = 60, /* Password Change Request */

    MSGID_GLOBAL_REQUEST = 80,
    MSGID_REQUEST_SUCCESS = 81,
    MSGID_REQUEST_FAILURE = 82,

    MSGID_CHANNEL_OPEN = 90,
    MSGID_CHANNEL_OPEN_CONF = 91,
    MSGID_CHANNEL_OPEN_FAIL = 92,
    MSGID_CHANNEL_WINDOW_ADJUST = 93,
    MSGID_CHANNEL_DATA = 94,
    /* 95 (CHANNEL_EXTENDED_DATA) is not defined here */
    MSGID_CHANNEL_EOF = 96,
    MSGID_CHANNEL_CLOSE = 97,
    MSGID_CHANNEL_REQUEST = 98,
    MSGID_CHANNEL_SUCCESS = 99,
    MSGID_CHANNEL_FAILURE = 100
};
sPymbed | 0:c4152c628df5 | 490 | |
sPymbed | 0:c4152c628df5 | 491 | |
sPymbed | 0:c4152c628df5 | 492 | /* dynamic memory types */ |
/* dynamic memory types: tags passed to the allocator hooks so allocations
 * can be attributed (and, with a static-memory build, pooled) per purpose.
 * Purely bookkeeping; they carry no security meaning on their own. */
enum WS_DynamicTypes {
    DYNTYPE_CTX,
    DYNTYPE_SSH,
    DYNTYPE_CHANNEL,
    DYNTYPE_BUFFER,
    DYNTYPE_ID,
    DYNTYPE_HS,
    DYNTYPE_CA,
    DYNTYPE_CERT,
    DYNTYPE_PRIVKEY,
    DYNTYPE_PUBKEY,
    DYNTYPE_DH,
    DYNTYPE_RNG,
    DYNTYPE_STRING,
    DYNTYPE_MPINT
};
sPymbed | 0:c4152c628df5 | 509 | |
sPymbed | 0:c4152c628df5 | 510 | |
/* Kind of key material handed to wolfSSH_ProcessBuffer(); only the private
 * key is consumed by WOLFSSH_CTX above, so presumably CA/cert/pubkey are
 * placeholders for later support - confirm. */
enum WS_BufferTypes {
    BUFTYPE_CA,
    BUFTYPE_CERT,
    BUFTYPE_PRIVKEY,
    BUFTYPE_PUBKEY
};
sPymbed | 0:c4152c628df5 | 517 | |
sPymbed | 0:c4152c628df5 | 518 | |
/* Debug helper: hex-dumps a byte string. Callers pass it raw protocol
 * fields, which can include keys and passwords, so it must stay out of
 * production builds / logs. */
WOLFSSH_LOCAL void DumpOctetString(const byte*, word32);
sPymbed | 0:c4152c628df5 | 520 | |
sPymbed | 0:c4152c628df5 | 521 | |
sPymbed | 0:c4152c628df5 | 522 | #ifdef __cplusplus |
sPymbed | 0:c4152c628df5 | 523 | } |
sPymbed | 0:c4152c628df5 | 524 | #endif |
sPymbed | 0:c4152c628df5 | 525 |