static int crypt_set_algorithms1(ssh_session session) {
int i = 0;
struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab();
/* right now, we force 3des-cbc to be taken */
while (ssh_ciphertab[i].name && strcmp(ssh_ciphertab[i].name,
"3des-cbc-ssh1")) {
i++;
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL, "cipher 3des-cbc-ssh1 not found!");
return -1;
}
session->next_crypto->out_cipher = cipher_new(i);
if (session->next_crypto->out_cipher == NULL) {
ssh_set_error(session, SSH_FATAL, "No space left");
return SSH_ERROR;
}
session->next_crypto->in_cipher = cipher_new(i);
if (session->next_crypto->in_cipher == NULL) {
ssh_set_error(session, SSH_FATAL, "No space left");
return SSH_ERROR;
}
return SSH_OK;
}
/* it allocates a new cipher structure based on its offset into the global table */
static struct ssh_cipher_struct *cipher_new(int offset) {
struct ssh_cipher_struct *cipher = NULL;
cipher = malloc(sizeof(struct ssh_cipher_struct));
if (cipher == NULL) {
return NULL;
}
/* note the memcpy will copy the pointers : so, you shouldn't free them */
memcpy(cipher, &ssh_get_ciphertab()[offset], sizeof(*cipher));
return cipher;
}
int crypt_set_algorithms_server(ssh_session session){
const char *method = NULL;
int i = 0;
struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab();
if (session == NULL) {
return SSH_ERROR;
}
/*
* We must scan the kex entries to find crypto algorithms and set their
* appropriate structure
*/
/* out */
method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
int cmp;
cmp = strcmp(method, ssh_ciphertab[i].name);
if (cmp == 0) {
break;
}
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session,SSH_FATAL,"crypt_set_algorithms_server : "
"no crypto algorithm function found for %s",method);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET,"Set output algorithm %s",method);
session->next_crypto->out_cipher = cipher_new(i);
if (session->next_crypto->out_cipher == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
i=0;
if (session->next_crypto->out_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
method = "aead-poly1305";
} else {
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
/* out */
method = session->next_crypto->kex_methods[SSH_MAC_S_C];
}
/* HMAC algorithm selection */
while (ssh_hmactab[i].name && strcmp(method, ssh_hmactab[i].name)) {
i++;
}
if (ssh_hmactab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"crypt_set_algorithms_server: no hmac algorithm function found for %s",
method);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", method);
session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
/* in */
i=0;
method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
for (i = 0; ssh_ciphertab[i].name; i++) {
int cmp;
cmp = strcmp(method, ssh_ciphertab[i].name);
if (cmp == 0) {
break;
}
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server :"
"no crypto algorithm function found for %s",method);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET,"Set input algorithm %s",method);
session->next_crypto->in_cipher = cipher_new(i);
if (session->next_crypto->in_cipher == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
i=0;
if (session->next_crypto->in_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
method = "aead-poly1305";
} else {
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
method = session->next_crypto->kex_methods[SSH_MAC_C_S];
}
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
int cmp;
cmp = strcmp(method, ssh_hmactab[i].name);
if (cmp == 0) {
break;
}
}
if (ssh_hmactab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"crypt_set_algorithms_server: no hmac algorithm function found for %s",
method);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", method);
session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
i=0;
/* compression */
method = session->next_crypto->kex_methods[SSH_COMP_C_S];
if(strcmp(method,"zlib") == 0){
SSH_LOG(SSH_LOG_PACKET,"enabling C->S compression");
session->next_crypto->do_compress_in=1;
}
if(strcmp(method,"*****@*****.**") == 0){
SSH_LOG(SSH_LOG_PACKET,"enabling C->S delayed compression");
if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
session->next_crypto->do_compress_in = 1;
} else {
session->next_crypto->delayed_compress_in = 1;
}
}
method = session->next_crypto->kex_methods[SSH_COMP_S_C];
if(strcmp(method,"zlib") == 0){
SSH_LOG(SSH_LOG_PACKET, "enabling S->C compression");
session->next_crypto->do_compress_out=1;
}
if(strcmp(method,"*****@*****.**") == 0){
SSH_LOG(SSH_LOG_PACKET,"enabling S->C delayed compression");
if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
session->next_crypto->do_compress_out = 1;
} else {
session->next_crypto->delayed_compress_out = 1;
}
}
method = session->next_crypto->kex_methods[SSH_HOSTKEYS];
session->srv.hostkey = ssh_key_type_from_name(method);
return SSH_OK;
}
static int crypt_set_algorithms2(ssh_session session){
const char *wanted;
int i = 0;
struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab();
int cmp;
/*
* We must scan the kex entries to find crypto algorithms and set their
* appropriate structure.
*/
/* out */
wanted = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
i++;
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"crypt_set_algorithms2: no crypto algorithm function found for %s",
wanted);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET, "Set output algorithm to %s", wanted);
session->next_crypto->out_cipher = cipher_new(i);
if (session->next_crypto->out_cipher == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
i = 0;
if (session->next_crypto->out_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
wanted = "aead-poly1305";
} else {
/*
* We must scan the kex entries to find hmac algorithms and set their
* appropriate structure.
*/
/* out */
wanted = session->next_crypto->kex_methods[SSH_MAC_C_S];
}
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
cmp = strcmp(wanted, ssh_hmactab[i].name);
if (cmp == 0) {
break;
}
}
if (ssh_hmactab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"crypt_set_algorithms2: no hmac algorithm function found for %s",
wanted);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", wanted);
session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
/* in */
wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
cmp = strcmp(wanted, ssh_ciphertab[i].name);
if (cmp == 0) {
break;
}
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"Crypt_set_algorithms: no crypto algorithm function found for %s",
wanted);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET, "Set input algorithm to %s", wanted);
session->next_crypto->in_cipher = cipher_new(i);
if (session->next_crypto->in_cipher == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
if (session->next_crypto->in_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
wanted = "aead-poly1305";
} else {
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
wanted = session->next_crypto->kex_methods[SSH_MAC_S_C];
}
for (i = 0; ssh_hmactab[i].name != NULL; i++) {
cmp = strcmp(wanted, ssh_hmactab[i].name);
if (cmp == 0) {
break;
}
}
if (ssh_hmactab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"crypt_set_algorithms2: no hmac algorithm function found for %s",
wanted);
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", wanted);
session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
i = 0;
/* compression */
if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib") == 0) {
session->next_crypto->do_compress_out = 1;
}
if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib") == 0) {
session->next_crypto->do_compress_in = 1;
}
if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "*****@*****.**") == 0) {
session->next_crypto->delayed_compress_out = 1;
}
if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "*****@*****.**") == 0) {
session->next_crypto->delayed_compress_in = 1;
}
return SSH_OK;
}
// TODO Obviously too much cut and paste here
int crypt_set_algorithms_server(ssh_session session){
char *server = NULL;
char *client = NULL;
char *match = NULL;
int i = 0;
struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab();
if (session == NULL) {
return SSH_ERROR;
}
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
enter_function();
/* out */
server = session->server_kex.methods[SSH_CRYPT_S_C];
if(session->client_kex.methods) {
client = session->client_kex.methods[SSH_CRYPT_S_C];
} else {
ssh_log(session,SSH_LOG_PROTOCOL, "Client KEX empty");
}
/* That's the client algorithms that are more important */
match = ssh_find_matching(server,client);
if(!match){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
free(match);
leave_function();
return SSH_ERROR;
}
while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
free(match);
leave_function();
return SSH_ERROR;
}
ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",match);
SAFE_FREE(match);
session->next_crypto->out_cipher = cipher_new(i);
if (session->next_crypto->out_cipher == NULL) {
ssh_set_error(session, SSH_FATAL, "No space left");
leave_function();
return SSH_ERROR;
}
i=0;
/* in */
client=session->client_kex.methods[SSH_CRYPT_C_S];
server=session->server_kex.methods[SSH_CRYPT_S_C];
match=ssh_find_matching(server,client);
if(!match){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
free(match);
leave_function();
return SSH_ERROR;
}
while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
free(match);
leave_function();
return SSH_ERROR;
}
ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",match);
SAFE_FREE(match);
session->next_crypto->in_cipher = cipher_new(i);
if (session->next_crypto->in_cipher == NULL) {
ssh_set_error(session, SSH_FATAL, "No space left");
leave_function();
return SSH_ERROR;
}
/* compression */
client=session->client_kex.methods[SSH_CRYPT_C_S];
server=session->server_kex.methods[SSH_CRYPT_C_S];
match=ssh_find_matching(server,client);
if(match && !strcmp(match,"zlib")){
ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
session->next_crypto->do_compress_in=1;
}
SAFE_FREE(match);
client=session->client_kex.methods[SSH_CRYPT_S_C];
server=session->server_kex.methods[SSH_CRYPT_S_C];
match=ssh_find_matching(server,client);
if(match && !strcmp(match,"zlib")){
ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
session->next_crypto->do_compress_out=1;
}
SAFE_FREE(match);
server=session->server_kex.methods[SSH_HOSTKEYS];
client=session->client_kex.methods[SSH_HOSTKEYS];
match=ssh_find_matching(server,client);
if(match && !strcmp(match,"ssh-dss"))
session->hostkeys=SSH_KEYTYPE_DSS;
else if(match && !strcmp(match,"ssh-rsa"))
session->hostkeys=SSH_KEYTYPE_RSA;
else {
ssh_set_error(session, SSH_FATAL, "Cannot know what %s is into %s",
match ? match : NULL, server);
SAFE_FREE(match);
leave_function();
return SSH_ERROR;
}
SAFE_FREE(match);
leave_function();
return SSH_OK;
}
static int crypt_set_algorithms2(ssh_session session){
const char *wanted;
int i = 0;
struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab();
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
/* out */
wanted = session->client_kex.methods[SSH_CRYPT_C_S];
while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
i++;
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"Crypt_set_algorithms2: no crypto algorithm function found for %s",
wanted);
return SSH_ERROR;
}
ssh_log(session, SSH_LOG_PACKET, "Set output algorithm to %s", wanted);
session->next_crypto->out_cipher = cipher_new(i);
if (session->next_crypto->out_cipher == NULL) {
ssh_set_error(session, SSH_FATAL, "No space left");
return SSH_ERROR;
}
i = 0;
/* in */
wanted = session->client_kex.methods[SSH_CRYPT_S_C];
while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
i++;
}
if (ssh_ciphertab[i].name == NULL) {
ssh_set_error(session, SSH_FATAL,
"Crypt_set_algorithms: no crypto algorithm function found for %s",
wanted);
return SSH_ERROR;
}
ssh_log(session, SSH_LOG_PACKET, "Set input algorithm to %s", wanted);
session->next_crypto->in_cipher = cipher_new(i);
if (session->next_crypto->in_cipher == NULL) {
ssh_set_error(session, SSH_FATAL, "Not enough space");
return SSH_ERROR;
}
/* compression */
if (strcmp(session->client_kex.methods[SSH_COMP_C_S], "zlib") == 0) {
session->next_crypto->do_compress_out = 1;
}
if (strcmp(session->client_kex.methods[SSH_COMP_S_C], "zlib") == 0) {
session->next_crypto->do_compress_in = 1;
}
if (strcmp(session->client_kex.methods[SSH_COMP_C_S], "*****@*****.**") == 0) {
session->next_crypto->delayed_compress_out = 1;
}
if (strcmp(session->client_kex.methods[SSH_COMP_S_C], "*****@*****.**") == 0) {
session->next_crypto->delayed_compress_in = 1;
}
return SSH_OK;
}
/** @internal
* @brief encrypts an ed25519 private key blob
*
*/
static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
const char* passphrase,
const char *ciphername,
const char *kdfname,
ssh_auth_callback auth_fn,
void *auth_data,
uint32_t rounds,
ssh_string salt)
{
struct ssh_cipher_struct *ciphers = ssh_get_ciphertab();
struct ssh_cipher_struct cipher;
uint8_t key_material[128];
size_t key_material_len;
char passphrase_buffer[128];
int rc;
int i;
uint8_t padding = 1;
int cmp;
cmp = strcmp(ciphername, "none");
if (cmp == 0){
/* no encryption required */
return SSH_OK;
}
for (i = 0; ciphers[i].name != NULL; i++) {
cmp = strcmp(ciphername, ciphers[i].name);
if (cmp == 0){
memcpy(&cipher, &ciphers[i], sizeof(cipher));
break;
}
}
if (ciphers[i].name == NULL){
SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername);
return SSH_ERROR;
}
cmp = strcmp(kdfname, "bcrypt");
if (cmp != 0){
SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
return SSH_ERROR;
}
while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) {
rc = buffer_add_u8(privkey_buffer, padding);
if (rc < 0) {
return SSH_ERROR;
}
padding++;
}
/* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)){
ssh_pki_log("Key material too big");
return SSH_ERROR;
}
ssh_pki_log("Encryption: %d key, %d IV, %d rounds, %zu bytes salt",
cipher.keysize/8,
cipher.blocksize, rounds, ssh_string_len(salt));
if (passphrase == NULL){
if (auth_fn == NULL){
ssh_pki_log("No passphrase provided");
return SSH_ERROR;
}
rc = auth_fn("Passphrase",
passphrase_buffer,
sizeof(passphrase_buffer),
0,
0,
auth_data);
if (rc != SSH_OK){
return SSH_ERROR;
}
passphrase = passphrase_buffer;
}
rc = bcrypt_pbkdf(passphrase,
strlen(passphrase),
ssh_string_data(salt),
ssh_string_len(salt),
key_material,
key_material_len,
rounds);
if (rc < 0){
return SSH_ERROR;
}
cipher.set_encrypt_key(&cipher,
key_material,
key_material + cipher.keysize/8);
cipher.encrypt(&cipher,
ssh_buffer_get_begin(privkey_buffer),
ssh_buffer_get_begin(privkey_buffer),
ssh_buffer_get_len(privkey_buffer));
ssh_cipher_clear(&cipher);
BURN_BUFFER(passphrase_buffer, sizeof(passphrase_buffer));
return SSH_OK;
}
/**
* @brief decrypts an encrypted ed25519 private key blob
*
*/
static int pki_private_key_decrypt(ssh_string blob,
const char* passphrase,
const char *ciphername,
const char *kdfname,
ssh_string kdfoptions,
ssh_auth_callback auth_fn,
void *auth_data)
{
struct ssh_cipher_struct *ciphers = ssh_get_ciphertab();
struct ssh_cipher_struct cipher;
uint8_t key_material[128];
char passphrase_buffer[128];
size_t key_material_len;
ssh_buffer buffer;
ssh_string salt;
uint32_t rounds;
int cmp;
int rc;
int i;
cmp = strcmp(ciphername, "none");
if (cmp == 0){
/* no decryption required */
return SSH_OK;
}
for (i = 0; ciphers[i].name != NULL; i++) {
cmp = strcmp(ciphername, ciphers[i].name);
if (cmp == 0){
memcpy(&cipher, &ciphers[i], sizeof(cipher));
break;
}
}
if (ciphers[i].name == NULL){
SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername);
return SSH_ERROR;
}
cmp = strcmp(kdfname, "bcrypt");
if (cmp != 0) {
SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
return SSH_ERROR;
}
if (ssh_string_len(blob) % cipher.blocksize != 0) {
SSH_LOG(SSH_LOG_WARN,
"Encrypted string not multiple of blocksize: %zu",
ssh_string_len(blob));
return SSH_ERROR;
}
buffer = ssh_buffer_new();
if (buffer == NULL){
return SSH_ERROR;
}
rc = ssh_buffer_add_data(buffer,
ssh_string_data(kdfoptions),
ssh_string_len(kdfoptions));
if (rc != SSH_ERROR){
rc = ssh_buffer_unpack(buffer, "Sd", &salt, &rounds);
}
ssh_buffer_free(buffer);
if (rc == SSH_ERROR){
return SSH_ERROR;
}
/* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)) {
ssh_pki_log("Key material too big");
return SSH_ERROR;
}
ssh_pki_log("Decryption: %d key, %d IV, %d rounds, %zu bytes salt",
cipher.keysize/8,
cipher.blocksize, rounds, ssh_string_len(salt));
if (passphrase == NULL) {
if (auth_fn == NULL) {
SAFE_FREE(salt);
ssh_pki_log("No passphrase provided");
return SSH_ERROR;
}
rc = auth_fn("Passphrase",
passphrase_buffer,
sizeof(passphrase_buffer),
0,
0,
auth_data);
if (rc != SSH_OK) {
SAFE_FREE(salt);
return SSH_ERROR;
}
passphrase = passphrase_buffer;
}
rc = bcrypt_pbkdf(passphrase,
strlen(passphrase),
ssh_string_data(salt),
ssh_string_len(salt),
key_material,
key_material_len,
rounds);
SAFE_FREE(salt);
if (rc < 0){
return SSH_ERROR;
}
BURN_BUFFER(passphrase_buffer, sizeof(passphrase_buffer));
cipher.set_decrypt_key(&cipher,
key_material,
key_material + cipher.keysize/8);
cipher.decrypt(&cipher,
ssh_string_data(blob),
ssh_string_data(blob),
ssh_string_len(blob));
ssh_cipher_clear(&cipher);
return SSH_OK;
}
int crypt_set_algorithms_server(ssh_session session){
char *method = NULL;
int i = 0;
int rc = SSH_ERROR;
struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
if (session == NULL) {
return SSH_ERROR;
}
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
enter_function();
/* out */
method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
ssh_set_error(session,SSH_FATAL,"crypt_set_algorithms_server : "
"no crypto algorithm function found for %s",method);
goto error;
}
ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",method);
session->next_crypto->out_cipher = cipher_new(i);
if (session->next_crypto->out_cipher == NULL) {
ssh_set_error_oom(session);
goto error;
}
i=0;
/* in */
method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server :"
"no crypto algorithm function found for %s",method);
goto error;
}
ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",method);
session->next_crypto->in_cipher = cipher_new(i);
if (session->next_crypto->in_cipher == NULL) {
ssh_set_error_oom(session);
goto error;
}
/* compression */
method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
if(strcmp(method,"zlib") == 0){
ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
session->next_crypto->do_compress_in=1;
}
if(strcmp(method,"*****@*****.**") == 0){
ssh_set_error(session,SSH_FATAL,"[email protected] not supported");
goto error;
}
method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
if(strcmp(method,"zlib") == 0){
ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
session->next_crypto->do_compress_out=1;
}
if(strcmp(method,"*****@*****.**") == 0){
ssh_set_error(session,SSH_FATAL,"[email protected] not supported");
goto error;
}
method = session->next_crypto->kex_methods[SSH_HOSTKEYS];
session->srv.hostkey = ssh_key_type_from_name(method);
rc = SSH_OK;
error:
leave_function();
return rc;
}
