Rekeying

README.md

@@ -3,6 +3,24 @@ wolfssh
 
 wolfSSL's Embeddable SSH Server
 
+dependencies
+------------
+
+wolfSSH is dependent on wolfCrypt. The simplest configuration of wolfSSL
+required for wolfSSH is the default build.
+
+    $ cd wolfssl
+    $ ./configure [OPTIONS]
+    $ make check
+    $ sudo make install
+
+To use the key generation function in wolfSSH, wolfSSL will need to be
+configured with keygen: `--enable-keygen`.
+
+If the bulk of wolfSSL code isn't desired, wolfSSL can be configured with
+the crypto only option: `--enable-cryptonly`.
+
+
 building
 --------
 
@@ -17,6 +35,7 @@ The `autogen.sh` script only has to be run the first time after cloning the
 repository. If you have already run it or are using code from a source
 archive, you should skip it.
 
+
 examples
 --------
 
@@ -38,13 +57,14 @@ The server will send a canned banner to the client:
 Characters typed into the client will be echoed to the screen by the server.
 If the characters are echoed twice, the client has local echo enabled.
 
+
 testing notes
 -------------
 
 After cloning the repository, be sure to make the testing private keys read-
 only for the user, otherwise ssh_client will tell you to do it.
 
-    $ chmod 0600 ./certs/key-gretel.pem ./certs/key-hansel.pem
+    $ chmod 0600 ./keys/key-gretel.pem ./keys/key-hansel.pem
 
 Authentication against the example echoserver can be done with a password or
 public key. To use a password the command line:
@@ -58,40 +78,14 @@ Where the `USER` and password pairs are:
 
 To use public key authentication use the command line:
 
-    $ ssh_client -i ./certs/key-USER.pem -p 22222 USER@localhost
+    $ ssh_client -i ./keys/key-USER.pem -p 22222 USER@localhost
 
 Where the user can be `gretel` or `hansel`.
 
 
-coding standard
----------------
-
-1. Exceptions are allowed with good reason.
-
-2. Follow the existing style.
-
-3. Try not to shorthand variables, except for ijk as indicies.
-
-4. Lengths of arrays should have the array name followed by Sz.
-
-5. Single return per function.
-
-6. Check all incoming parameters.
-
-7. No gotos.
-
-8. Check all return codes. It feels a little tedious, but the preferred method
-is running checks against success. This way if a function returns an error, the
-code will drop to the end.
-
-```
-    ret = functionCall(parameter);
-    if (ret == SUCCESS)
-        ret = secondFunctionCall(otherParameter);
-    if (ret == SUCCESS)
-        ret = thirdFunctionCall(aParameter, anotherParameter);
-    cleanUp();
-    return ret;
-```
+release notes
+-------------
 
+### wolfSSH v1.0.0 (10/24/2016)
 
+Initial release.

configure.ac

@@ -2,7 +2,7 @@
 # Copyright (C) 2014-2016 wolfSSL Inc.
 # All right reserved.
 
-AC_INIT([wolfssh], [0.2.0], [http://wolfssl.com], [wolfssh])
+AC_INIT([wolfssh], [1.0.0], [http://wolfssl.com], [wolfssh])
 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -17,18 +17,18 @@ AC_ARG_PROGRAM
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([src/config.h])
 
-WOLFSSH_LIBRARY_VERSION=1:2:0
-#                      | | |
-#               +------+ | +---+
-#               |        |     |
-#              current:revision:age
-#               |        |     |
-#               |        |     +- increment if interfaces have been added
-#               |        |        set to zero if interfaces have been removed
-#               |        |        or changed
-#               |        +- increment if source code has changed
-#               |           set to zero if current is incremented
-#               +- increment if interfaces have been added, removed or changed
+WOLFSSH_LIBRARY_VERSION=2:0:1
+#                       | | |
+#                +------+ | +---+
+#                |        |     |
+#               current:revision:age
+#                |        |     |
+#                |        |     +- increment if interfaces have been added
+#                |        |        set to zero if interfaces have been removed
+#                |        |        or changed
+#                |        +- increment if source code has changed
+#                |           set to zero if current is incremented
+#                +- increment if interfaces have been added, removed or changed
 AC_SUBST([WOLFSSH_LIBRARY_VERSION])
 
 LT_PREREQ([2.2])
@@ -105,6 +105,8 @@ AC_ARG_ENABLE([keygen],
 AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSH_KEYGEN"])
 
+AM_CONDITIONAL([BUILD_KEYGEN], [test "x$ENABLED_KEYGEN" = "xyes"])
+
 
 # Checks for typedefs, structures, and compiler characteristics.
 if test "$ac_cv_sizeof_long" = "8"; then

examples/echoserver/echoserver.c

@@ -92,8 +92,11 @@ typedef struct {
 } thread_ctx_t;
 
 
-#ifndef DEFAULT_HIGHWATER_MARK
-    #define DEFAULT_HIGHWATER_MARK 0
+#ifndef EXAMPLE_HIGHWATER_MARK
+    #define EXAMPLE_HIGHWATER_MARK 0x3FFF8000 /* 1GB - 32kB */
+#endif
+#ifndef EXAMPLE_BUFFER_SZ
+    #define EXAMPLE_BUFFER_SZ 4096
 #endif
 
 
@@ -284,23 +287,54 @@ static THREAD_RETURN CYASSL_THREAD server_worker(void* vArgs)
     WOLFSSH* ssh = (WOLFSSH*)vArgs;
     SOCKET_T clientFd = wolfSSH_get_fd(ssh);
 
-    uint8_t buf[4096];
-    int bufSz;
-
     if (wolfSSH_accept(ssh) == WS_SUCCESS) {
-
-        while (1) {
-            bufSz = wolfSSH_stream_read(ssh, buf, sizeof(buf));
-            if (bufSz > 0) {
-                wolfSSH_stream_send(ssh, buf, bufSz);
-                if (find_char(0x03, buf, bufSz))
-                    break;
-            }
-            else {
-                printf("wolfSSH_stream_read returned %d\n", bufSz);
-                break;
+        uint8_t* buf = NULL;
+        uint8_t* tmpBuf;
+        int bufSz, backlogSz = 0, rxSz, txSz, stop = 0, txSum;
+
+        do {
+            bufSz = EXAMPLE_BUFFER_SZ + backlogSz;
+
+            tmpBuf = realloc(buf, bufSz);
+            if (tmpBuf == NULL)
+                stop = 1;
+            else
+                buf = tmpBuf;
+
+            if (!stop) {
+                rxSz = wolfSSH_stream_read(ssh,
+                                           buf + backlogSz,
+                                           EXAMPLE_BUFFER_SZ);
+                if (rxSz > 0) {
+                    backlogSz += rxSz;
+                    txSum = 0;
+                    txSz = 0;
+
+                    while (backlogSz != txSum && txSz >= 0 && !stop) {
+                        txSz = wolfSSH_stream_send(ssh,
+                                                   buf + txSum,
+                                                   backlogSz - txSum);
+
+                        if (txSz > 0) {
+                            if (find_char(0x03, buf + txSum, txSz))
+                                stop = 1;
+                            else
+                                txSum += txSz;
+                        }
+                        else if (txSz != WS_REKEYING)
+                            stop = 1;
+                    }
+
+                    if (txSum < backlogSz)
+                        memmove(buf, buf + txSum, backlogSz - txSum);
+                    backlogSz -= txSum;
+                }
+                else
+                    stop = 1;
             }
-        }
+        } while (!stop);
+
+        free(buf);
     }
     close(clientFd);
     wolfSSH_free(ssh);
@@ -592,29 +626,12 @@ static int wsUserAuth(uint8_t authType,
 }
 
 
-static int wsHighwater(uint8_t side, void* ctx)
-{
-    if (ctx) {
-        WOLFSSH* ssh = (WOLFSSH*)ctx;
-        uint32_t highwaterMark = wolfSSH_GetHighwater(ssh);
-
-        printf("HIGHWATER ALERT: (%u) %s\n", highwaterMark,
-                (side == WOLFSSH_HWSIDE_RECEIVE) ? "receive" : "transmit");
-        highwaterMark *= 2;
-        printf("  Doubling the highwater mark to %u.\n", highwaterMark);
-        wolfSSH_SetHighwater(ssh, highwaterMark);
-    }
-
-    return 0;
-}
-
-
 int main(void)
 {
     WOLFSSH_CTX* ctx = NULL;
     PwMapList pwMapList;
     SOCKET_T listenFd = 0;
-    uint32_t defaultHighwater = DEFAULT_HIGHWATER_MARK;
+    uint32_t defaultHighwater = EXAMPLE_HIGHWATER_MARK;
 
     #ifdef DEBUG_WOLFSSH
         wolfSSH_Debugging_ON();
@@ -633,8 +650,6 @@ int main(void)
 
     memset(&pwMapList, 0, sizeof(pwMapList));
     wolfSSH_SetUserAuth(ctx, wsUserAuth);
-    if (defaultHighwater > 0)
-        wolfSSH_SetHighwaterCb(ctx, defaultHighwater, wsHighwater);
 
     {
         uint8_t buf[SCRATCH_BUFFER_SIZE];
@@ -678,8 +693,10 @@ int main(void)
         }
         wolfSSH_SetUserAuthCtx(ssh, &pwMapList);
         /* Use the session object for its own highwater callback ctx */
-        if (defaultHighwater > 0)
+        if (defaultHighwater > 0) {
             wolfSSH_SetHighwaterCtx(ssh, (void*)ssh);
+            wolfSSH_SetHighwater(ssh, defaultHighwater);
+        }
 
         if (listen(listenFd, 5) != 0)
             err_sys("tcp listen failed");

notes.md

@@ -0,0 +1,35 @@
+wolfssh notes
+=============
+
+coding standard
+---------------
+
+1. Exceptions are allowed with good reason.
+
+2. Follow the existing style.
+
+3. Try not to shorthand variables, except for ijk as indicies.
+
+4. Lengths of arrays should have the array name followed by Sz.
+
+5. Single return per function.
+
+6. Check all incoming parameters.
+
+7. No gotos.
+
+8. Check all return codes. It feels a little tedious, but the preferred method
+is running checks against success. This way if a function returns an error, the
+code will drop to the end.
+
+```
+    ret = functionCall(parameter);
+    if (ret == SUCCESS)
+        ret = secondFunctionCall(otherParameter);
+    if (ret == SUCCESS)
+        ret = thirdFunctionCall(aParameter, anotherParameter);
+    cleanUp();
+    return ret;
+```
+
+

src/include.am

@@ -6,7 +6,6 @@
 lib_LTLIBRARIES+=  src/libwolfssh.la
 src_libwolfssh_la_SOURCES = src/ssh.c \
                             src/internal.c \
-                            src/keygen.c \
                             src/memory.c \
                             src/log.c \
                             src/io.c \
@@ -20,3 +19,7 @@ EXTRA_DIST +=
 if !BUILD_INLINE
 src_libwolfssh_la_SOURCES += src/misc.c
 endif
+
+if BUILD_KEYGEN
+src_libwolfssh_la_SOURCES += src/keygen.c
+endif