authorJakub Jelen <jjelen@redhat.com>2018-07-03 16:16:25 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-08-31 14:18:34 +0200
commit6fa5e8adb0f35c4c90067d81967a38f57ebaec67 (patch)
tree1bb10c02716bccf1559ff5a29321dba675f8ad72 /src/server.c
parent60ad7ee15dc23c16d4827ee8eff7d228e13982cd (diff)
server: Support for extension negotiation
This includes intercepting the ext-info-c string from the client kex proposal, configuring the server to allow using this extension and sending the SSH_MSG_EXT_INFO packet back to the client after the new keys are in use. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/server.c')
-rw-r--r--src/server.c41
1 files changed, 40 insertions, 1 deletions
diff --git a/src/server.c b/src/server.c
index 8984e6a0..dfabbe83 100644
--- a/src/server.c
+++ b/src/server.c
@@ -67,7 +67,6 @@
static int dh_handshake_server(ssh_session session);
-
/**
* @addtogroup libssh_server
*
@@ -194,6 +193,37 @@ static int ssh_server_kexdh_init(ssh_session session, ssh_buffer packet){
return SSH_OK;
}
+static int ssh_server_send_extensions(ssh_session session) {
+ int rc;
+ const char *hostkey_algorithms;
+
+ SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
+ /*
+ * We can list here all the default hostkey methods, since
+ * they already contain the SHA2 extension algorithms
+ */
+ hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+ rc = ssh_buffer_pack(session->out_buffer,
+ "bdss",
+ SSH2_MSG_EXT_INFO,
+ 1, /* nr. of extensions */
+ "server-sig-algs",
+ hostkey_algorithms);
+ if (rc != SSH_OK) {
+ goto error;
+ }
+
+ if (ssh_packet_send(session) == SSH_ERROR) {
+ goto error;
+ }
+
+ return 0;
+error:
+ ssh_buffer_reinit(session->out_buffer);
+
+ return -1;
+}
+
SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
int rc = SSH_ERROR;
(void)type;
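Review bot: ssh_server_send_extensions carries no header comment, and its `return 0;` / `return -1;` do not use the SSH_OK / SSH_ERROR constants that the neighbouring ssh_server_kexdh_init returns (`return SSH_OK;` at the top of this hunk), so a caller has to read the body to know which convention to compare against. I would add a Doxygen comment above the definition stating that it packs and sends SSH2_MSG_EXT_INFO carrying a single `server-sig-algs` extension whose value is the default host-key method list, that it is meant to run only after NEWKEYS once the new crypto is active, and that on failure it reinitialises session->out_buffer before reporting the error; changing the two returns to `return SSH_OK;` and `return SSH_ERROR;` keeps the file consistent. The advertised list is the compiled-in default rather than whatever the server is configured to accept, so if those can diverge (not visible here) the comment should say so, since a client will pick its signature algorithm from this list. If ssh_kex_get_default_methods can return NULL for SSH_HOSTKEYS, the "s" pack of hostkey_algorithms should be guarded; I cannot tell from the hunk whether that is possible.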
@@ -486,6 +516,15 @@ static void ssh_server_connection_callback(ssh_session session){
session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
+
+ /*
+ * If the client supports extension negotiation, we will send
+ * our supported extensions now. This is the first message after
+ * sending NEWKEYS message and after turning on crypto.
+ */
+ if (session->extensions) {
+ ssh_server_send_extensions(session);
+ }
}
break;
case SSH_SESSION_STATE_AUTHENTICATING:
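Review bot: The result of `ssh_server_send_extensions(session);` is discarded, so a failed pack or send leaves the session in SSH_SESSION_STATE_AUTHENTICATING with the EXT_INFO silently dropped, although the helper already cleans out_buffer and reports the failure. As the comment itself notes this is the first message after NEWKEYS, a failure here most likely means the transport is unusable, so the send should be checked and routed to the same failure handling the other branches of ssh_server_connection_callback use, e.g. `if (ssh_server_send_extensions(session) < 0) { goto error; }` if the function has such a label (its body starts before and continues after this hunk, so I cannot confirm that from the diff). The surrounding `if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)` body is unbraced while the new block is braced; bracing both keeps the style uniform.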