Add options support for setting and getting HMAC algorithms

BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/libssh.h

@@ -342,6 +342,8 @@ enum ssh_options_e {
   SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
   SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY,
   SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
+  SSH_OPTIONS_HMAC_C_S,
+  SSH_OPTIONS_HMAC_S_C,
 };
 
 enum {
@@ -657,6 +659,8 @@ LIBSSH_API const char* ssh_get_clientbanner(ssh_session session);
 LIBSSH_API const char* ssh_get_serverbanner(ssh_session session);
 LIBSSH_API const char* ssh_get_cipher_in(ssh_session session);
 LIBSSH_API const char* ssh_get_cipher_out(ssh_session session);
+LIBSSH_API const char* ssh_get_hmac_in(ssh_session session);
+LIBSSH_API const char* ssh_get_hmac_out(ssh_session session);
 
 #ifndef LIBSSH_LEGACY_0_4
 #include "libssh/legacy.h"

include/libssh/wrapper.h

@@ -97,5 +97,6 @@ void crypto_free(struct ssh_crypto_struct *crypto);
 void ssh_reseed(void);
 
 struct ssh_hmac_struct *ssh_get_hmactab(void);
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type);
 
 #endif /* WRAPPER_H_ */

src/options.c

@@ -716,6 +716,26 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                     return -1;
             }
             break;
+        case SSH_OPTIONS_HMAC_C_S:
+            v = value;
+            if (v == NULL || v[0] == '\0') {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                if (ssh_options_set_algo(session, SSH_MAC_C_S, v) < 0)
+                    return -1;
+            }
+            break;
+         case SSH_OPTIONS_HMAC_S_C:
+            v = value;
+            if (v == NULL || v[0] == '\0') {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                if (ssh_options_set_algo(session, SSH_MAC_S_C, v) < 0)
+                    return -1;
+            }
+            break;
         case SSH_OPTIONS_COMPRESSION_C_S:
             v = value;
             if (v == NULL || v[0] == '\0') {

src/session.c

@@ -311,7 +311,7 @@ const char* ssh_get_serverbanner(ssh_session session) {
 }
 
 /**
- * @brief get the name of the input for the given session.
+ * @brief get the name of the input cipher for the given session.
  *
  * @param[in] session The SSH session.
  *
@@ -342,6 +342,36 @@ const char* ssh_get_cipher_out(ssh_session session) {
     return NULL;
 }
 
+/**
+ * @brief get the name of the input HMAC algorithm for the given session.
+ *
+ * @param[in] session The SSH session.
+ *
+ * @return Returns HMAC algorithm name or NULL if unknown.
+ */
+const char* ssh_get_hmac_in(ssh_session session) {
+    if ((session != NULL) &&
+        (session->current_crypto != NULL)) {
+        return ssh_hmac_type_to_string(session->current_crypto->in_hmac);
+    }
+    return NULL;
+}
+
+/**
+ * @brief get the name of the output HMAC algorithm for the given session.
+ *
+ * @param[in] session The SSH session.
+ *
+ * @return Returns HMAC algorithm name or NULL if unknown.
+ */
+const char* ssh_get_hmac_out(ssh_session session) {
+    if ((session != NULL) &&
+        (session->current_crypto != NULL)) {
+        return ssh_hmac_type_to_string(session->current_crypto->out_hmac);
+    }
+    return NULL;
+}
+
 /**
  * @brief Disconnect impolitely from a remote host by closing the socket.
  *

src/wrapper.c

@@ -78,6 +78,16 @@ size_t hmac_digest_len(enum ssh_hmac_e type) {
   }
 }
 
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type)
+{
+  int i = 0;
+  struct ssh_hmac_struct *ssh_hmactab = ssh_get_hmactab();
+  while (ssh_hmactab[i].name && (ssh_hmactab[i].hmac_type != hmac_type)) {
+    i++;
+  }
+  return ssh_hmactab[i].name;
+}
+
 /* it allocates a new cipher structure based on its offset into the global table */
 static struct ssh_cipher_struct *cipher_new(int offset) {
   struct ssh_cipher_struct *cipher = NULL;