From e617e20e7af0a2447db03a54f9054165fab9456a Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 4 Mar 2024 01:52:17 -0700
Subject: [PATCH 1/2] example set key algos
---
 examples/client/client.c | 68 +++++++++++++++++++++++++++++++-
 examples/echoserver/echoserver.c | 14 ++++++-
 2 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 9fed6fac2..f089bc58c 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -117,6 +117,8 @@ static void ShowUsage(void)
 printf(" -A filename for DER CA certificate to verify host\n");
 printf(" -X Ignore IP checks on peer vs peer certificate\n");
 #endif
+ printf(" -E List all possible algos\n");
+ printf(" -k set the list of key algos to use\n");
 }
@@ -624,7 +626,9 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 const char* password = NULL;
 const char* cmd = NULL;
 const char* privKeyName = NULL;
+ const char* keyList = NULL;
 byte imExit = 0;
+ byte listAlgos = 0;
 byte nonBlock = 0;
 byte keepOpen = 0;
 #ifdef USE_WINDOWS_API
@@ -641,7 +645,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 (void)keepOpen;
- while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:Xe")) != -1) {
+ while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:")) != -1) {
 switch (ch) {
 case 'h':
 host = myoptarg;
@@ -701,6 +705,10 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 #endif
 #endif
+ case 'E':
+ listAlgos = 1;
+ break;
+
 case 'x':
 /* exit after successful connection without read/write */
 imExit = 1;
@@ -710,6 +718,10 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 nonBlock = 1;
 break;
+ case 'k':
+ keyList = myoptarg;
+ break;
+
 #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_NUCLEUS)
 case 'c':
 cmd = myoptarg;
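Review bot: The new `-k` usage line in ShowUsage does not say what form the argument takes, so a user has to read the library to learn how to name several algorithms; the echoserver ShowUsage hunk in the second file adds the identical text and has the same gap. I believe wolfSSH algorithm lists follow the SSH name-list convention (comma-separated names), but confirm that against wolfSSH_CTX_SetAlgoListKey before wording it, e.g. `printf(" -k set the list of key algos to use (comma-separated names)\n");`. The `-E` line could likewise say that the client prints the lists and exits without connecting, which is what the listAlgos branch later in client_test does.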
@@ -779,6 +791,12 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 if (ctx == NULL)
 err_sys("Couldn't create wolfSSH client context.");
+ if (keyList) {
+ if (wolfSSH_CTX_SetAlgoListKey(ctx, NULL) != WS_SUCCESS) {
+ err_sys("Error setting key list.\n");
+ }
+ }
+
 if (((func_args*)args)->user_auth == NULL)
 wolfSSH_SetUserAuth(ctx, ClientUserAuth);
 else
@@ -825,6 +843,54 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 if (ret != WS_SUCCESS)
 err_sys("Couldn't set the username.");
+ if (listAlgos) {
+ word32 idx = 0;
+ const char* current = NULL;
+
+ printf("KEX:\n");
+ do {
+ current = wolfSSH_QueryKex(&idx);
+ if (current) {
+ printf("\t%d: %s\n", idx, current);
+ }
+ } while (current != NULL);
+ printf("Set KEX: %s\n\n", wolfSSH_GetAlgoListKex(ssh));
+
+ idx = 0;
+ printf("Key:\n");
+ do {
+ current = wolfSSH_QueryKey(&idx);
+ if (current) {
+ printf("\t%d: %s\n", idx, current);
+ }
+ } while (current != NULL);
+ printf("Set Key: %s\n\n", wolfSSH_GetAlgoListKey(ssh));
+
+ idx = 0;
+ printf("Cipher:\n");
+ do {
+ current = wolfSSH_QueryCipher(&idx);
+ if (current) {
+ printf("\t%d: %s\n", idx, current);
+ }
+ } while (current != NULL);
+ printf("Set Cipher: %s\n\n", wolfSSH_GetAlgoListCipher(ssh));
+
+ idx = 0;
+ printf("Mac:\n");
+ do {
+ current = wolfSSH_QueryMac(&idx);
+ if (current) {
+ printf("\t%d: %s\n", idx, current);
+ }
+ } while (current != NULL);
+ printf("Set Mac: %s\n", wolfSSH_GetAlgoListMac(ssh));
+
+ wolfSSH_free(ssh);
+ wolfSSH_CTX_free(ctx);
+ return 0;
+ }
+
 build_addr(&clientAddr, host, port);
 tcp_socket(&sockFd);
 ret = connect(sockFd, (const struct sockaddr *)&clientAddr, clientAddrSz);
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 3d9b542e0..9d83e8e87 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
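Review bot: `wolfSSH_CTX_SetAlgoListKey(ctx, NULL)` in the new keyList block throws away the value parsed from `-k`; keyList is declared and assigned in the earlier hunks but never read here, so on the client the option either does nothing or resets the list to the library default, depending on how the library treats NULL (not checked), whereas the echoserver hunk passes `keyList`. Change the call to `if (wolfSSH_CTX_SetAlgoListKey(ctx, keyList) != WS_SUCCESS) {`. client_test continues outside the hunk.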
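Review bot: The four `printf("\t%d: %s\n", idx, current)` calls in the listAlgos block print a `word32` with `%d`; word32 is an unsigned type in wolfSSL, so the conversion should be `%u` with a cast, `printf("\t%u: %s\n", (unsigned)idx, current);`. The four query loops are copies of one another differing only in the label and the two library calls, so a small static helper above client_test removes the repetition and leaves one place to keep the format right, as sketched below. I have not verified whether wolfSSH_GetAlgoList*() can return NULL when nothing is configured; if it can, passing the result straight to `%s` is undefined, so the helper guards it. client_test continues past the end of the hunk.
```c
/* Print every algorithm the library offers for one category, then the list
 * currently set on ssh. query is one of the wolfSSH_Query*() functions;
 * configured may be NULL if nothing is set. */
static void PrintAlgoList(const char* label,
        const char* (*query)(word32*), const char* configured)
{
    word32 idx = 0;
    const char* name;

    printf("%s:\n", label);
    while ((name = query(&idx)) != NULL) {
        printf("\t%u: %s\n", (unsigned)idx, name);
    }
    printf("Set %s: %s\n\n", label, configured ? configured : "(none)");
}

/* … in client_test, replacing the four hand-written loops … */
    if (listAlgos) {
        PrintAlgoList("KEX", wolfSSH_QueryKex, wolfSSH_GetAlgoListKex(ssh));
        PrintAlgoList("Key", wolfSSH_QueryKey, wolfSSH_GetAlgoListKey(ssh));
        PrintAlgoList("Cipher", wolfSSH_QueryCipher,
                wolfSSH_GetAlgoListCipher(ssh));
        PrintAlgoList("Mac", wolfSSH_QueryMac, wolfSSH_GetAlgoListMac(ssh));
        /* … unchanged: wolfSSH_free, wolfSSH_CTX_free, return … */
    }
```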
@@ -2156,6 +2156,7 @@ static void ShowUsage(void)
 #ifdef WOLFSSH_CERTS
 printf(" -a load in a root CA certificate file\n");
 #endif
+ printf(" -k set the list of key algos to use\n");
 }
@@ -2194,6 +2195,7 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
 WS_SOCKET_T listenFd = WOLFSSH_SOCKET_INVALID;
 word32 defaultHighwater = EXAMPLE_HIGHWATER_MARK;
 word32 threadCount = 0;
+ const char* keyList = NULL;
 int multipleConnections = 1;
 int userEcc = 0;
 int peerEcc = 0;
@@ -2215,7 +2217,7 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
 serverArgs->return_code = EXIT_SUCCESS;
 if (argc > 0) {
- const char* optlist = "?1a:d:efEp:R:Ni:j:I:J:K:P:";
+ const char* optlist = "?1a:d:efEp:R:Ni:j:I:J:K:P:k:";
 myoptind = 0;
 while ((ch = mygetopt(argc, argv, optlist)) != -1) {
 switch (ch) {
@@ -2237,6 +2239,10 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
 userEcc = 1;
 break;
+ case 'k' :
+ keyList = myoptarg;
+ break;
+
 case 'E':
 peerEcc = 1;
 break;
@@ -2332,6 +2338,12 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
 ES_ERROR("Couldn't allocate SSH CTX data.\n");
 }
+ if (keyList) {
+ if (wolfSSH_CTX_SetAlgoListKey(ctx, keyList) != WS_SUCCESS) {
+ ES_ERROR("Error setting key list.\n");
+ }
+ }
+
 WMEMSET(&pwMapList, 0, sizeof(pwMapList));
 if (serverArgs->user_auth == NULL)
 wolfSSH_SetUserAuth(ctx, wsUserAuth);
From bb9efdcb5c21f861a4a54bcf0bf018d8d3af9f76 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 5 Mar 2024 08:02:06 +0700
Subject: [PATCH 2/2] use WOLFSSL_RETURN_FROM_THREAD in example client
---
 examples/client/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index f089bc58c..51f8d2361 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -888,7 +888,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 wolfSSH_free(ssh);
 wolfSSH_CTX_free(ctx);
- return 0;
+ WOLFSSL_RETURN_FROM_THREAD(0);
 }
 build_addr(&clientAddr, host, port);
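Review bot: `case 'k' :` in the echoserver option switch has a space before the colon, unlike `case 'E':` on the following context line and the other labels this patch shows in both examples; write `case 'k':`. The surrounding switch begins and ends outside the hunk.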