From 86ce2bdd6b17a23e561e5d894955b22ac0c41a01 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 29 Jul 2024 16:38:07 -0700
Subject: [PATCH] Use wolfCrypt SSHv2 KDF
1. Switching to use the new SSH-KDF function in wolfCrypt when the correct version of wolfSSL (v5.7.2 at a minimum) is used, when certified version of wolfCrypt is used or Kyber is disabled.
2. Add WOLFSSL_WOLFSSH to the wolfSSL user_settings files for the Zephyr testing.
---
 src/internal.c | 34 ++++++++++++++++++-
 wolfssh/error.h | 3 +-
 wolfssh/internal.h | 1 +
 zephyr/samples/tests/wolfssl_user_settings.h | 3 ++
 .../tests/wolfssl_user_settings_nofs.h | 3 ++
 5 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 97d94fb47..cdda934aa 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -47,6 +47,7 @@
 #include
 #include
 #include
+#include
 #ifdef WOLFSSH_HAVE_LIBOQS
 #include
@@ -456,6 +457,9 @@ const char* GetErrorString(int err)
 case WS_AUTH_PENDING:
 return "userauth is still pending (callback would block)";
+ case WS_KDF_E:
+ return "KDF error";
+
 default:
 return "Unknown error code";
 }
@@ -2164,6 +2168,32 @@ int GenerateKey(byte hashId, byte keyId,
 const byte* h, word32 hSz,
 const byte* sessionId, word32 sessionIdSz,
 byte doKeyPad)
+#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_7_2) \
+ && ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
+ || defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256))
+/* Cannot use the SSH KDF with Kyber. With Kyber, doKeyPad must be false,
+ * and the FIPS SSH KDF doesn't handle no-padding. Also, the Kyber algorithm
+ * isn't in our FIPS boundary. */
+{
+ int ret = WS_SUCCESS;
+
+ if (!doKeyPad) {
+ WLOG(WS_LOG_ERROR, "cannot use FIPS KDF with Kyber");
+ ret = WS_INVALID_ALGO_ID;
+ }
+ else {
+ PRIVATE_KEY_UNLOCK();
+ ret = wc_SSH_KDF(hashId, keyId, key, keySz,
+ k, kSz, h, hSz, sessionId, sessionIdSz);
+ PRIVATE_KEY_LOCK();
+ if (ret != 0) {
+ WLOG(WS_LOG_ERROR, "SSH KDF failed (%d)", ret);
+ ret = WS_KDF_E;
+ }
+ }
+ return ret;
+}
+#else
 {
 word32 blocks, remainder;
 wc_HashAlg hash;
@@ -2174,12 +2204,13 @@ int GenerateKey(byte hashId, byte keyId,
 int digestSz;
 int ret;
+ WLOG(WS_LOG_DEBUG, "Entering GenerateKey()");
+
 if (key == NULL || keySz == 0 || k == NULL || kSz == 0 || h == NULL || hSz == 0 || sessionId == NULL || sessionIdSz == 0) {
- WLOG(WS_LOG_DEBUG, "GK: bad argument");
 return WS_BAD_ARGUMENT;
 }
@@ -2274,6 +2305,7 @@ int GenerateKey(byte hashId, byte keyId,
 return ret;
 }
+#endif /* HAVE_FIPS && LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_7_2 */
 static int GenerateKeys(WOLFSSH* ssh, byte hashId, byte doKeyPad)
diff --git a/wolfssh/error.h b/wolfssh/error.h
index 9d3832fa3..d41f840b8 100644
--- a/wolfssh/error.h
+++ b/wolfssh/error.h
@@ -135,8 +135,9 @@ enum WS_ErrorCodes {
 WS_MSGID_NOT_ALLOWED_E = -1094, /* Message not allowed before userauth */
 WS_ED25519_E = -1095, /* Ed25519 failure */
 WS_AUTH_PENDING = -1096, /* User authentication still pending */
+ WS_KDF_E = -1097, /* KDF error*/
- WS_LAST_E = -1096 /* Update this to indicate last error */
+ WS_LAST_E = -1097 /* Update this to indicate last error */
 };
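Review bot: The wolfCrypt-KDF body of GenerateKey drops the argument validation that the `#else` body keeps, so a NULL `key`/`k`/`h`/`sessionId` or a zero length now comes back as WS_KDF_E (assuming wc_SSH_KDF rejects it at all) instead of WS_BAD_ARGUMENT, and callers see different error codes for the same misuse depending on build configuration. Adding the same guard before `PRIVATE_KEY_UNLOCK()`, `if (key == NULL || keySz == 0 || k == NULL || kSz == 0 || h == NULL || hSz == 0 || sessionId == NULL || sessionIdSz == 0) { return WS_BAD_ARGUMENT; }`, keeps the two bodies interchangeable. The log text "cannot use FIPS KDF with Kyber" is also reachable in a non-FIPS build, because the `#if` accepts WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256 as an alternative to HAVE_FIPS; `"wolfCrypt SSH KDF requires key padding (doKeyPad)"` would describe the actual condition in both builds. The `#else` body opened at the end of this hunk continues past it.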
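Review bot: The trailer on the new `#endif` names only `HAVE_FIPS && LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_7_2`, but the matching `#if` earlier in GenerateKey also requires `FIPS_VERSION_GE(5,2)` and accepts `WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256` as an alternative to FIPS, so a reader relying on the trailer would conclude that non-FIPS builds always compile the hand-rolled KDF. The `#if` is more than a hundred lines above by the hunk headers, which is exactly when the trailer is read instead of the condition. Suggest `#endif /* LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_7_2 && (FIPS >= 5.2 || WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256) */`.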
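Review bot: The new enumerator's comment `/* KDF error*/` is missing the space before `*/` that every neighbouring entry in WS_ErrorCodes has; `WS_KDF_E = -1097, /* KDF error */` matches the column. The sentinel is moved to -1097 in the same hunk, as the comment on WS_LAST_E requires.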
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index a1f29b48c..a39fa1da8 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -1353,6 +1353,7 @@ enum TerminalModes {
 #define WOLFSSL_V5_7_0 0x05007000
+#define WOLFSSL_V5_7_2 0x05007002
 #ifdef __cplusplus
diff --git a/zephyr/samples/tests/wolfssl_user_settings.h b/zephyr/samples/tests/wolfssl_user_settings.h
index 03b12c94f..b22d3bd3e 100644
--- a/zephyr/samples/tests/wolfssl_user_settings.h
+++ b/zephyr/samples/tests/wolfssl_user_settings.h
@@ -28,6 +28,9 @@ extern "C" {
 #undef WOLFSSL_ZEPHYR
 #define WOLFSSL_ZEPHYR
+#undef WOLFSSL_WOLFSSH
+#define WOLFSSL_WOLFSSH
+
 #undef TFM_TIMING_RESISTANT
 #define TFM_TIMING_RESISTANT
diff --git a/zephyr/samples/tests/wolfssl_user_settings_nofs.h b/zephyr/samples/tests/wolfssl_user_settings_nofs.h
index 881b6b689..7a27eae49 100644
--- a/zephyr/samples/tests/wolfssl_user_settings_nofs.h
+++ b/zephyr/samples/tests/wolfssl_user_settings_nofs.h
@@ -28,6 +28,9 @@ extern "C" {
 #undef WOLFSSL_ZEPHYR
 #define WOLFSSL_ZEPHYR
+#undef WOLFSSL_WOLFSSH
+#define WOLFSSL_WOLFSSH
+
 #undef TFM_TIMING_RESISTANT
 #define TFM_TIMING_RESISTANT