upstream commit

implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
 draft-ssh-ext-info-04.txt; with & ok djm@

Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309

1 files changed, 75 insertions, 7 deletions

diff --git a/kex.c b/kex.c
index b409f276b..c1371c432 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.112 2015/11/13 04:39:35 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.113 2015/12/04 16:41:28 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -334,6 +334,20 @@ kex_reset_dispatch(struct ssh *ssh)
 	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }
 
+static int
+kex_send_ext_info(struct ssh *ssh)
+{
+	int r;
+
+	if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, 1)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 ||
+	    (r = sshpkt_send(ssh)) != 0)
+		return r;
+	return 0;
+}
+
 int
 kex_send_newkeys(struct ssh *ssh)
 {
@@ -346,9 +360,51 @@ kex_send_newkeys(struct ssh *ssh)
 	debug("SSH2_MSG_NEWKEYS sent");
 	debug("expecting SSH2_MSG_NEWKEYS");
 	ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys);
+	if (ssh->kex->ext_info_c)
+		if ((r = kex_send_ext_info(ssh)) != 0)
+			return r;
 	return 0;
 }
 
+int
+kex_input_ext_info(int type, u_int32_t seq, void *ctxt)
+{
+	struct ssh *ssh = ctxt;
+	struct kex *kex = ssh->kex;
+	u_int32_t i, ninfo;
+	char *name, *val, *found;
+	int r;
+
+	debug("SSH2_MSG_EXT_INFO received");
+	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
+	if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
+		return r;
+	for (i = 0; i < ninfo; i++) {
+		if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
+			return r;
+		if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) {
+			free(name);
+			return r;
+		}
+		debug("%s: %s=<%s>", __func__, name, val);
+		if (strcmp(name, "server-sig-algs") == 0) {
+			found = match_list("rsa-sha2-256", val, NULL);
+			if (found) {
+				kex->rsa_sha2 = 256;
+				free(found);
+			}
+			found = match_list("rsa-sha2-512", val, NULL);
+			if (found) {
+				kex->rsa_sha2 = 512;
+				free(found);
+			}
+		}
+		free(name);
+		free(val);
+	}
+	return sshpkt_get_end(ssh);
+}
+
 static int
 kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
 {
@@ -531,6 +587,8 @@ kex_free(struct kex *kex)
 	free(kex->client_version_string);
 	free(kex->server_version_string);
 	free(kex->failed_choice);
+	free(kex->hostkey_alg);
+	free(kex->name);
 	free(kex);
 }
 
@@ -627,17 +685,16 @@ choose_kex(struct kex *k, char *client, char *server)
 static int
 choose_hostkeyalg(struct kex *k, char *client, char *server)
 {
-	char *hostkeyalg = match_list(client, server, NULL);
+	k->hostkey_alg = match_list(client, server, NULL);
 
 	debug("kex: host key algorithm: %s",
-	    hostkeyalg ? hostkeyalg : "(no match)");
-	if (hostkeyalg == NULL)
+	    k->hostkey_alg ? k->hostkey_alg : "(no match)");
+	if (k->hostkey_alg == NULL)
 		return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
-	k->hostkey_type = sshkey_type_from_name(hostkeyalg);
+	k->hostkey_type = sshkey_type_from_name(k->hostkey_alg);
 	if (k->hostkey_type == KEY_UNSPEC)
 		return SSH_ERR_INTERNAL_ERROR;
-	k->hostkey_nid = sshkey_ecdsa_nid_from_name(hostkeyalg);
-	free(hostkeyalg);
+	k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg);
 	return 0;
 }
 
@@ -702,6 +759,17 @@ kex_choose_conf(struct ssh *ssh)
 		}
 	}
 
+	/* Check whether client supports ext_info_c */
+	if (kex->server) {
+		char *ext;
+
+		ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
+		if (ext) {
+			kex->ext_info_c = 1;
+			free(ext);
+		}
+	}
+
 	/* Algorithm Negotiation */
 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
 	    sprop[PROPOSAL_KEX_ALGS])) != 0) {