Merge pull request wolfSSL#731 from ejohnstown/dh-group14-sha256
DH Group 14 with SHA256
JacobBarthelmeh authored and jefferyq2 committed Sep 24, 2024
1 parent e51a46b commit bbcda07
Showing 2 changed files with 45 additions and 5 deletions.
42 changes: 38 additions & 4 deletions src/internal.c
@@ -92,6 +92,9 @@
WOLFSSH_NO_DH_GROUP14_SHA1
Set when DH or SHA1 are disabled. Set to disable use of DH (Oakley 14) and
SHA1 support.
WOLFSSH_NO_DH_GROUP14_SHA256
Set when DH or SHA256 are disabled. Set to disable use of DH (Oakley 14)
and SHA256 support.
WOLFSSH_NO_DH_GEX_SHA256
Set when DH or SHA2-256 are disabled. Set to disable use of DH group
exchange and SHA2-256 support.
@@ -674,6 +677,9 @@ static const char cannedKexAlgoNames[] =
#if !defined(WOLFSSH_NO_ECDH_SHA2_NISTP256)
"ecdh-sha2-nistp256,"
#endif
#if !defined(WOLFSSH_NO_DH_GROUP14_SHA256)
"diffie-hellman-group14-sha256,"
#endif
#if !defined(WOLFSSH_NO_DH_GEX_SHA256)
"diffie-hellman-group-exchange-sha256,"
#endif
@@ -2397,6 +2403,9 @@ static const NameIdPair NameIdMap[] = {
#ifndef WOLFSSH_NO_DH_GROUP14_SHA1
{ ID_DH_GROUP14_SHA1, TYPE_KEX, "diffie-hellman-group14-sha1" },
#endif
#ifndef WOLFSSH_NO_DH_GROUP14_SHA256
{ ID_DH_GROUP14_SHA256, TYPE_KEX, "diffie-hellman-group14-sha256" },
#endif
#ifndef WOLFSSH_NO_DH_GEX_SHA256
{ ID_DH_GEX_SHA256, TYPE_KEX, "diffie-hellman-group-exchange-sha256" },
#endif
@@ -2409,9 +2418,6 @@ static const NameIdPair NameIdMap[] = {
#ifndef WOLFSSH_NO_ECDH_SHA2_NISTP521
{ ID_ECDH_SHA2_NISTP521, TYPE_KEX, "ecdh-sha2-nistp521" },
#endif
#ifndef WOLFSSH_NO_DH_GEX_SHA256
{ ID_DH_GROUP14_SHA256, TYPE_KEX, "diffie-hellman-group14-sha256" },
#endif
#ifndef WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256
/* We use kyber-512 here to achieve interop with OQS's fork. */
{ ID_ECDH_NISTP256_KYBER_LEVEL1_SHA256, TYPE_KEX,
@@ -3632,6 +3638,10 @@ INLINE enum wc_HashType HashForId(byte id)
#endif

/* SHA2-256 */
#ifndef WOLFSSH_NO_DH_GROUP14_SHA256
case ID_DH_GROUP14_SHA256:
return WC_HASH_TYPE_SHA256;
#endif
#ifndef WOLFSSH_NO_DH_GEX_SHA256
case ID_DH_GEX_SHA256:
return WC_HASH_TYPE_SHA256;
@@ -4239,6 +4249,7 @@ static const word32 dhPrimeGroup1Sz = (word32)sizeof(dhPrimeGroup1);
#endif

#if !defined(WOLFSSH_NO_DH_GROUP14_SHA1) || \
!defined(WOLFSSH_NO_DH_GROUP14_SHA256) || \
!defined(WOLFSSH_NO_DH_GEX_SHA256)
static const byte dhPrimeGroup14[] = {
/* SSH DH Group 14 (Oakley Group 14, 2048-bit MODP Group, RFC 3526) */
@@ -10093,6 +10104,14 @@ static int GetDHPrimeGroup(int kexId, const byte** primeGroup,
*generatorSz = dhGeneratorSz;
break;
#endif
#ifndef WOLFSSH_NO_DH_GROUP14_SHA256
case ID_DH_GROUP14_SHA256:
*primeGroup = dhPrimeGroup14;
*primeGroupSz = dhPrimeGroup14Sz;
*generator = dhGenerator;
*generatorSz = dhGeneratorSz;
break;
#endif
#ifndef WOLFSSH_NO_DH_GEX_SHA256
case ID_DH_GEX_SHA256:
*primeGroup = dhPrimeGroup14;
@@ -10121,7 +10140,7 @@ static int SendKexGetSigningKey(WOLFSSH* ssh,
void* heap;
byte scratchLen[LENGTH_SZ];
word32 scratch = 0;
#ifndef WOLFSSH_NO_DH
#ifndef WOLFSSH_NO_DH_GEX_SHA256
const byte* primeGroup = NULL;
word32 primeGroupSz = 0;
const byte* generator = NULL;
@@ -11363,6 +11382,12 @@ int SendKexDhReply(WOLFSSH* ssh)
msgId = MSGID_KEXDH_REPLY;
break;
#endif
#ifndef WOLFSSH_NO_DH_GROUP14_SHA256
case ID_DH_GROUP14_SHA256:
useDh = 1;
msgId = MSGID_KEXDH_REPLY;
break;
#endif
#ifndef WOLFSSH_NO_DH_GEX_SHA256
case ID_DH_GEX_SHA256:
useDh = 1;
@@ -11923,6 +11948,15 @@ int SendKexDhInit(WOLFSSH* ssh)
generatorSz = dhGeneratorSz;
break;
#endif
#ifndef WOLFSSH_NO_DH_GROUP14_SHA256
case ID_DH_GROUP14_SHA256:
ssh->handshake->useDh = 1;
primeGroup = dhPrimeGroup14;
primeGroupSz = dhPrimeGroup14Sz;
generator = dhGenerator;
generatorSz = dhGeneratorSz;
break;
#endif
#ifndef WOLFSSH_NO_DH_GEX_SHA256
case ID_DH_GEX_SHA256:
ssh->handshake->useDh = 1;
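Review bot: In SendKexGetSigningKey the `primeGroup`/`primeGroupSz`/`generator` locals sit behind a preprocessor guard that this commit switches between `WOLFSSH_NO_DH` and `WOLFSSH_NO_DH_GEX_SHA256`, but the code that reads those locals is outside the hunk, so the declaration guard cannot be checked against its uses here. Every later use needs the same condition as the declaration; otherwise a build with group exchange disabled and `diffie-hellman-group14-sha256` still enabled, a combination the new option makes possible, either fails to compile or warns about unused variables. A short comment on the declaration, for example `/* only needed for the group-exchange hash inputs */`, would state the intent, assuming that is the only consumer. It would also help to build once with `WOLFSSH_NO_DH_GEX_SHA256` defined and `WOLFSSH_NO_DH_GROUP14_SHA256` left undefined.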
8 changes: 7 additions & 1 deletion wolfssh/internal.h
@@ -140,6 +140,10 @@ extern "C" {
#undef WOLFSSH_NO_DH_GROUP14_SHA1
#define WOLFSSH_NO_DH_GROUP14_SHA1
#endif
#if defined(WOLFSSH_NO_DH) || defined(WOLFSSH_NO_SHA256)
#undef WOLFSSH_NO_DH_GROUP14_SHA256
#define WOLFSSH_NO_DH_GROUP14_SHA256
#endif
#if defined(WOLFSSH_NO_DH) || defined(NO_SHA256)
#undef WOLFSSH_NO_DH_GEX_SHA256
#define WOLFSSH_NO_DH_GEX_SHA256
@@ -171,6 +175,7 @@ extern "C" {

#if defined(WOLFSSH_NO_DH_GROUP1_SHA1) && \
defined(WOLFSSH_NO_DH_GROUP14_SHA1) && \
defined(WOLFSSH_NO_DH_GROUP14_SHA256) && \
defined(WOLFSSH_NO_DH_GEX_SHA256) && \
defined(WOLFSSH_NO_ECDH_SHA2_NISTP256) && \
defined(WOLFSSH_NO_ECDH_SHA2_NISTP384) && \
@@ -182,6 +187,7 @@ extern "C" {

#if defined(WOLFSSH_NO_DH_GROUP1_SHA1) && \
defined(WOLFSSH_NO_DH_GROUP14_SHA1) && \
defined(WOLFSSH_NO_DH_GROUP14_SHA256) && \
defined(WOLFSSH_NO_DH_GEX_SHA256)
#undef WOLFSSH_NO_DH
#define WOLFSSH_NO_DH
@@ -307,13 +313,13 @@ enum {
/* Key Exchange IDs */
ID_DH_GROUP1_SHA1,
ID_DH_GROUP14_SHA1,
ID_DH_GROUP14_SHA256,
ID_DH_GEX_SHA256,
ID_ECDH_SHA2_NISTP256,
ID_ECDH_SHA2_NISTP384,
ID_ECDH_SHA2_NISTP521,
ID_ECDH_SHA2_ED25519,
ID_ECDH_SHA2_ED25519_LIBSSH,
ID_DH_GROUP14_SHA256,
#ifndef WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256
ID_ECDH_NISTP256_KYBER_LEVEL1_SHA256,
#endif
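Review bot: The new guard `#if defined(WOLFSSH_NO_DH) || defined(WOLFSSH_NO_SHA256)` tests a different SHA-256 macro than the `WOLFSSH_NO_DH_GEX_SHA256` guard directly below it, which tests `NO_SHA256`. Unless `WOLFSSH_NO_SHA256` is derived from `NO_SHA256` earlier in this header (not visible in the hunk), a build without SHA-256 would leave `diffie-hellman-group14-sha256` in the advertised key-exchange list while HashForId maps it to `WC_HASH_TYPE_SHA256`. Either write the condition as `#if defined(WOLFSSH_NO_DH) || defined(NO_SHA256)` to match the neighbouring guard, or confirm the mapping exists and make both guards test the same macro.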