This includes intercepting the ext-info-c string from
the client kex proposal, configuring the server to allow using
this extension and sending the SSH_MSG_EXT_INFO packet back
to the client after the new keys are in use.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Verify the PUBLICKEY_ACCEPTED_TYPES option is handled correctly
and affects the signature algorithm selection based on the
extensions and can be used to limit list of offered mechanisms
to the server.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This effectively allows to disable using the SHA2 extension, disable
other old public key mechanisms out of the box (hello DSA) or force
the new SHA2-based key algorithm types if needed.
This exposes the default_methods array from kex.c.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The new constants for flags are defined in draft-miller-ssh-agent-02
are active if the SHA2 extension is negotiated with the server.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* This change introduces a new API to request signature using
one key and different hash algorithms. This is used only with
RSA keys, that used to have SHA1 hardcoded, but the new
algorithsms allow to use the SHA2 hashes, if the extension
is negotiated.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This changes the private API by adding one more argument to function
pki_signature_from_blob()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
RFC 8308: The extension negotiation in Secure Shell (SSH) Protocol
RFC 8332: Use of RSA Keys with SHA-256 and SHA-512
in the Secure Shell (SSH) Protocol
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This changes the condition to use the static error check mutex
initializer. If it is not available, use the default static mutex
initializer.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added Windows threads implementation based on CriticalSection.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This makes unnecessary to call ssh_init() when the library is
dynamically loaded. Also removes the threads shared library. The used
threads implementation is chosen in configuration time, changing the
ssh_threads_get_default() depending on the available threads library.
Internally, it is expected a threads implementation providing:
- void ssh_mutex_lock(void **mutex);
- void ssh_mutex_unlock(void **mutex);
- struct ssh_threads_callbacks_struct *ssh_threads_get_default(void);
and a crypto implementation providing:
- int crypto_thread_init(struct ssh_threads_callbacks_struct *user_callbacks);
- void crypto_thread_finalize(void);
This adds internal threads implementation for pthreads and noop.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Add a small helper for ssh_buffer to ensure that the buffer has a
certain amount of space already preallocated. This can be useful in case
it is known how much data is going to be added to a buffer, to avoid
multiple reallocations.
Make use of it in few places in the library.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If you want modelines use my vim plugin:
https://github.com/cryptomilk/git-modeline.vim
git config --add vim.modeline "ts=4 sw=4 et"
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Thanks to Tilo Eckart.
The global variable "ge25519_base" is referenced in the module
"src/external/ed25519.c" and initialized in "src/external/ge25519.c".
The lack of the extern keyword in the header results in different
instances being compiled into both translation units with some
compilers.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>