Mercurial > dropbear

comparison svr-kex.c @ 1683:41bf8f216644

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge rsa-sha256
author Matt Johnston <matt@ucc.asn.au>
date Tue, 26 May 2020 00:24:02 +0800
parents 435cfb9ec96e
children 284c3837891c
comparison
equal deleted inserted replaced
1673:e0871128e61f 1683:41bf8f216644
36 #include "runopts.h" 36 #include "runopts.h"
37 #include "ecc.h" 37 #include "ecc.h"
38 #include "gensignkey.h" 38 #include "gensignkey.h"
39 39
40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); 40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs);
41 #if DROPBEAR_EXT_INFO
42 static void send_msg_ext_info(void);
43 #endif
41 44
42 /* Handle a diffie-hellman key exchange initialisation. This involves 45 /* Handle a diffie-hellman key exchange initialisation. This involves
43 * calculating a session key reply value, and corresponding hash. These 46 * calculating a session key reply value, and corresponding hash. These
44 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls 47 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls
45 * that function, then brings the new keys into use */ 48 * that function, then brings the new keys into use */
46 void recv_msg_kexdh_init() { 49 void recv_msg_kexdh_init() {
47
48 DEF_MP_INT(dh_e); 50 DEF_MP_INT(dh_e);
49 buffer *ecdh_qs = NULL; 51 buffer *ecdh_qs = NULL;
50 52
51 TRACE(("enter recv_msg_kexdh_init")) 53 TRACE(("enter recv_msg_kexdh_init"))
52 if (!ses.kexstate.recvkexinit) { 54 if (!ses.kexstate.recvkexinit) {
84 buf_free(ecdh_qs); 86 buf_free(ecdh_qs);
85 ecdh_qs = NULL; 87 ecdh_qs = NULL;
86 } 88 }
87 89
88 send_msg_newkeys(); 90 send_msg_newkeys();
91
92 #if DROPBEAR_EXT_INFO
93 /* Only send it following the first newkeys */
94 if (!ses.kexstate.donesecondkex && ses.allow_ext_info) {
95 send_msg_ext_info();
96 }
97 #endif
98
89 ses.requirenext = SSH_MSG_NEWKEYS; 99 ses.requirenext = SSH_MSG_NEWKEYS;
90 TRACE(("leave recv_msg_kexdh_init")) 100 TRACE(("leave recv_msg_kexdh_init"))
91 } 101 }
92 102
93 103
232 #endif 242 #endif
233 } 243 }
234 244
235 /* calc the signature */ 245 /* calc the signature */
236 buf_put_sign(ses.writepayload, svr_opts.hostkey, 246 buf_put_sign(ses.writepayload, svr_opts.hostkey,
237 ses.newkeys->algo_hostkey, ses.hash); 247 ses.newkeys->algo_signature, ses.hash);
238 248
239 /* the SSH_MSG_KEXDH_REPLY is done */ 249 /* the SSH_MSG_KEXDH_REPLY is done */
240 encrypt_packet(); 250 encrypt_packet();
241 251
242 TRACE(("leave send_msg_kexdh_reply")) 252 TRACE(("leave send_msg_kexdh_reply"))
243 } 253 }
244 254
255 #if DROPBEAR_EXT_INFO
256 /* Only used for server-sig-algs on the server side */
257 static void send_msg_ext_info(void) {
258 TRACE(("enter send_msg_ext_info"))
259
260 buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO);
261 /* nr-extensions */
262 buf_putint(ses.writepayload, 1);
263
264 buf_putstring(ses.writepayload, SSH_SERVER_SIG_ALGS, strlen(SSH_SERVER_SIG_ALGS));
265 buf_put_algolist_all(ses.writepayload, sigalgs, 1);
266
267 encrypt_packet();
268
269 TRACE(("leave send_msg_ext_info"))
270 }
271 #endif