Merge pull request #729 from ejohnstown/new-kdf

Use wolfCrypt SSHv2 KDF

Author: dgarske

src/internal.c

@@ -48,6 +48,12 @@
 #include <wolfssl/wolfcrypt/hmac.h>
 #include <wolfssl/wolfcrypt/signature.h>
 
+#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
+    && ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
+        || defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256))
+    #include <wolfssl/wolfcrypt/kdf.h>
+#endif
+
 #ifdef WOLFSSH_HAVE_LIBOQS
 #include <oqs/kem.h>
 #endif
@@ -456,6 +462,9 @@ const char* GetErrorString(int err)
         case WS_AUTH_PENDING:
             return "userauth is still pending (callback would block)";
 
+        case WS_KDF_E:
+            return "KDF error";
+
         default:
             return "Unknown error code";
     }
@@ -2164,6 +2173,32 @@ int GenerateKey(byte hashId, byte keyId,
                 const byte* h, word32 hSz,
                 const byte* sessionId, word32 sessionIdSz,
                 byte doKeyPad)
+#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
+    && ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
+        || defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256))
+/* Cannot use the SSH KDF with Kyber. With Kyber, doKeyPad must be false,
+ * and the FIPS SSH KDF doesn't handle no-padding. Also, the Kyber algorithm
+ * isn't in our FIPS boundary. */
+{
+    int ret = WS_SUCCESS;
+
+    if (!doKeyPad) {
+        WLOG(WS_LOG_ERROR, "cannot use FIPS KDF with Kyber");
+        ret = WS_INVALID_ALGO_ID;
+    }
+    else {
+        PRIVATE_KEY_UNLOCK();
+        ret = wc_SSH_KDF(hashId, keyId, key, keySz,
+                k, kSz, h, hSz, sessionId, sessionIdSz);
+        PRIVATE_KEY_LOCK();
+        if (ret != 0) {
+            WLOG(WS_LOG_ERROR, "SSH KDF failed (%d)", ret);
+            ret = WS_KDF_E;
+        }
+    }
+    return ret;
+}
+#else
 {
     word32 blocks, remainder;
     wc_HashAlg hash;
@@ -2174,12 +2209,13 @@ int GenerateKey(byte hashId, byte keyId,
     int digestSz;
     int ret;
 
+    WLOG(WS_LOG_DEBUG, "Entering GenerateKey()");
+
     if (key == NULL || keySz == 0 ||
         k == NULL || kSz == 0 ||
         h == NULL || hSz == 0 ||
         sessionId == NULL || sessionIdSz == 0) {
 
-        WLOG(WS_LOG_DEBUG, "GK: bad argument");
         return WS_BAD_ARGUMENT;
     }
 
@@ -2274,6 +2310,7 @@ int GenerateKey(byte hashId, byte keyId,
 
     return ret;
 }
+#endif /* HAVE_FIPS && LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_7_2 */
 
 
 static int GenerateKeys(WOLFSSH* ssh, byte hashId, byte doKeyPad)

wolfssh/error.h

@@ -135,8 +135,9 @@ enum WS_ErrorCodes {
     WS_MSGID_NOT_ALLOWED_E  = -1094, /* Message not allowed before userauth */
     WS_ED25519_E            = -1095, /* Ed25519 failure */
     WS_AUTH_PENDING         = -1096, /* User authentication still pending */
+    WS_KDF_E                = -1097, /* KDF error*/
 
-    WS_LAST_E               = -1096  /* Update this to indicate last error */
+    WS_LAST_E               = -1097  /* Update this to indicate last error */
 };
 
 

wolfssh/internal.h

@@ -1352,7 +1352,9 @@ enum TerminalModes {
 #endif /* WOLFSSH_TERM */
 
 
+#define WOLFSSL_V5_0_0 0x05000000
 #define WOLFSSL_V5_7_0 0x05007000
+#define WOLFSSL_V5_7_2 0x05007002
 
 
 #ifdef __cplusplus

zephyr/samples/tests/wolfssl_user_settings.h

@@ -28,6 +28,9 @@ extern "C" {
 #undef  WOLFSSL_ZEPHYR
 #define WOLFSSL_ZEPHYR
 
+#undef  WOLFSSL_WOLFSSH
+#define WOLFSSL_WOLFSSH
+
 #undef  TFM_TIMING_RESISTANT
 #define TFM_TIMING_RESISTANT
 

zephyr/samples/tests/wolfssl_user_settings_nofs.h

@@ -28,6 +28,9 @@ extern "C" {
 #undef  WOLFSSL_ZEPHYR
 #define WOLFSSL_ZEPHYR
 
+#undef  WOLFSSL_WOLFSSH
+#define WOLFSSL_WOLFSSH
+
 #undef  TFM_TIMING_RESISTANT
 #define TFM_TIMING_RESISTANT