options: Introduce new options for handling rekey limits

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-01 18:35:12 +01:00 · 2018-11-01 18:35:12 +01:00 · e973f95b37
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@ -406,6 +406,8 @@ enum ssh_options_e {
  SSH_OPTIONS_NODELAY,
  SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
  SSH_OPTIONS_PROCESS_CONFIG,
+  SSH_OPTIONS_REKEY_DATA,
+  SSH_OPTIONS_REKEY_TIME,
 };

 enum {
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@ -222,6 +222,8 @@ struct ssh_session_struct {
        int nodelay;
        bool config_processed;
        uint8_t options_seen[SOC_MAX];
+        uint64_t rekey_data;
+        uint32_t rekey_time;
    } opts;
    /* counters */
    ssh_counter socket_counter;
--- a/src/options.c
+++ b/src/options.c
@ -475,6 +475,16 @@ int ssh_options_set_algo(ssh_session session,
 *                automatically uses these configuration files unless
 *                you provide it with this option or with different file (bool).
 *
+ *              - SSH_OPTIONS_REKEY_DATA
+ *                Set the data limit that can be transferred with a single
+ *                key in bytes. RFC 4253 Section 9 recommends 1GB of data
+ *                (uint64_t, 0=off)
+ *
+ *              - SSH_OPTIONS_REKEY_TIME
+ *                Set the time limit for a session before intializing a rekey
+ *                in seconds. RFC 4253 Section 9 recommends one hour.
+ *                (uint32_t, 0=off)
+ *
 * @param  value The value to set. This is a generic pointer and the
 *               datatype which is used should be set according to the
 *               type set.
@ -1012,6 +1022,30 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                session->opts.config_processed = !(*x);
            }
            break;
+        case SSH_OPTIONS_REKEY_DATA:
+            if (value == NULL) {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                uint64_t *x = (uint64_t *)value;
+                session->opts.rekey_data = *x;
+            }
+            break;
+        case SSH_OPTIONS_REKEY_TIME:
+            if (value == NULL) {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                uint32_t *x = (uint32_t *)value;
+                if ((*x * 1000) < *x) {
+                    ssh_set_error(session, SSH_REQUEST_DENIED,
+                                  "The provided value (%" PRIu32 ") for rekey"
+                                  " time is too large", *x);
+                    return -1;
+                }
+                session->opts.rekey_time = (*x) * 1000;
+            }
+            break;
        default:
            ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
            return -1;