Skip to content

Commit

Permalink
Merge pull request #729 from ejohnstown/new-kdf
Browse files Browse the repository at this point in the history
Use wolfCrypt SSHv2 KDF
  • Loading branch information
dgarske authored Jul 30, 2024
2 parents 06dc40d + 6e151e4 commit 40aabc2
Show file tree
Hide file tree
Showing 5 changed files with 48 additions and 2 deletions.
39 changes: 38 additions & 1 deletion src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,12 @@
#include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/signature.h>

#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
&& ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
|| defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256))
#include <wolfssl/wolfcrypt/kdf.h>
#endif

#ifdef WOLFSSH_HAVE_LIBOQS
#include <oqs/kem.h>
#endif
Expand Down Expand Up @@ -456,6 +462,9 @@ const char* GetErrorString(int err)
case WS_AUTH_PENDING:
return "userauth is still pending (callback would block)";

case WS_KDF_E:
return "KDF error";

default:
return "Unknown error code";
}
Expand Down Expand Up @@ -2164,6 +2173,32 @@ int GenerateKey(byte hashId, byte keyId,
const byte* h, word32 hSz,
const byte* sessionId, word32 sessionIdSz,
byte doKeyPad)
#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
&& ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
|| defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256))
/* Cannot use the SSH KDF with Kyber. With Kyber, doKeyPad must be false,
* and the FIPS SSH KDF doesn't handle no-padding. Also, the Kyber algorithm
* isn't in our FIPS boundary. */
{
int ret = WS_SUCCESS;

if (!doKeyPad) {
WLOG(WS_LOG_ERROR, "cannot use FIPS KDF with Kyber");
ret = WS_INVALID_ALGO_ID;
}
else {
PRIVATE_KEY_UNLOCK();
ret = wc_SSH_KDF(hashId, keyId, key, keySz,
k, kSz, h, hSz, sessionId, sessionIdSz);
PRIVATE_KEY_LOCK();
if (ret != 0) {
WLOG(WS_LOG_ERROR, "SSH KDF failed (%d)", ret);
ret = WS_KDF_E;
}
}
return ret;
}
#else
{
word32 blocks, remainder;
wc_HashAlg hash;
Expand All @@ -2174,12 +2209,13 @@ int GenerateKey(byte hashId, byte keyId,
int digestSz;
int ret;

WLOG(WS_LOG_DEBUG, "Entering GenerateKey()");

if (key == NULL || keySz == 0 ||
k == NULL || kSz == 0 ||
h == NULL || hSz == 0 ||
sessionId == NULL || sessionIdSz == 0) {

WLOG(WS_LOG_DEBUG, "GK: bad argument");
return WS_BAD_ARGUMENT;
}

Expand Down Expand Up @@ -2274,6 +2310,7 @@ int GenerateKey(byte hashId, byte keyId,

return ret;
}
#endif /* HAVE_FIPS && LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_7_2 */


static int GenerateKeys(WOLFSSH* ssh, byte hashId, byte doKeyPad)
Expand Down
3 changes: 2 additions & 1 deletion wolfssh/error.h
Original file line number Diff line number Diff line change
Expand Up @@ -135,8 +135,9 @@ enum WS_ErrorCodes {
WS_MSGID_NOT_ALLOWED_E = -1094, /* Message not allowed before userauth */
WS_ED25519_E = -1095, /* Ed25519 failure */
WS_AUTH_PENDING = -1096, /* User authentication still pending */
WS_KDF_E = -1097, /* KDF error*/

WS_LAST_E = -1096 /* Update this to indicate last error */
WS_LAST_E = -1097 /* Update this to indicate last error */
};


Expand Down
2 changes: 2 additions & 0 deletions wolfssh/internal.h
Original file line number Diff line number Diff line change
Expand Up @@ -1352,7 +1352,9 @@ enum TerminalModes {
#endif /* WOLFSSH_TERM */


#define WOLFSSL_V5_0_0 0x05000000
#define WOLFSSL_V5_7_0 0x05007000
#define WOLFSSL_V5_7_2 0x05007002


#ifdef __cplusplus
Expand Down
3 changes: 3 additions & 0 deletions zephyr/samples/tests/wolfssl_user_settings.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ extern "C" {
#undef WOLFSSL_ZEPHYR
#define WOLFSSL_ZEPHYR

#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH

#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

Expand Down
3 changes: 3 additions & 0 deletions zephyr/samples/tests/wolfssl_user_settings_nofs.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ extern "C" {
#undef WOLFSSL_ZEPHYR
#define WOLFSSL_ZEPHYR

#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH

#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

Expand Down

0 comments on commit 40aabc2

Please sign in to comment.