diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-07-03 16:16:25 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-08-31 14:18:34 +0200 |
commit | 6fa5e8adb0f35c4c90067d81967a38f57ebaec67 (patch) | |
tree | 1bb10c02716bccf1559ff5a29321dba675f8ad72 /src/server.c | |
parent | 60ad7ee15dc23c16d4827ee8eff7d228e13982cd (diff) | |
download | libssh-6fa5e8adb0f35c4c90067d81967a38f57ebaec67.tar.gz libssh-6fa5e8adb0f35c4c90067d81967a38f57ebaec67.tar.xz libssh-6fa5e8adb0f35c4c90067d81967a38f57ebaec67.zip |
server: Support for extension negotiation
This includes intercepting the ext-info-c string from
the client kex proposal, configuring the server to allow using
this extension and sending the SSH_MSG_EXT_INFO packet back
to the client after the new keys are in use.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/server.c')
-rw-r--r-- | src/server.c | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/src/server.c b/src/server.c index 8984e6a0..dfabbe83 100644 --- a/src/server.c +++ b/src/server.c @@ -67,7 +67,6 @@ static int dh_handshake_server(ssh_session session); - /** * @addtogroup libssh_server * @@ -194,6 +193,37 @@ static int ssh_server_kexdh_init(ssh_session session, ssh_buffer packet){ return SSH_OK; } +static int ssh_server_send_extensions(ssh_session session) { + int rc; + const char *hostkey_algorithms; + + SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO"); + /* + * We can list here all the default hostkey methods, since + * they already contain the SHA2 extension algorithms + */ + hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS); + rc = ssh_buffer_pack(session->out_buffer, + "bdss", + SSH2_MSG_EXT_INFO, + 1, /* nr. of extensions */ + "server-sig-algs", + hostkey_algorithms); + if (rc != SSH_OK) { + goto error; + } + + if (ssh_packet_send(session) == SSH_ERROR) { + goto error; + } + + return 0; +error: + ssh_buffer_reinit(session->out_buffer); + + return -1; +} + SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){ int rc = SSH_ERROR; (void)type; @@ -486,6 +516,15 @@ static void ssh_server_connection_callback(ssh_session session){ session->session_state=SSH_SESSION_STATE_AUTHENTICATING; if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) session->session_state = SSH_SESSION_STATE_AUTHENTICATED; + + /* + * If the client supports extension negotiation, we will send + * our supported extensions now. This is the first message after + * sending NEWKEYS message and after turning on crypto. + */ + if (session->extensions) { + ssh_server_send_extensions(session); + } } break; case SSH_SESSION_STATE_AUTHENTICATING: |