char *
compat_kex_proposal(ncrack_ssh_state *nstate, char *p)
{
if ((nstate->datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
return p;
debug2("%s: original KEX proposal: %s", __func__, p);
if ((nstate->datafellows & SSH_BUG_CURVE25519PAD) != 0)
p = filter_proposal(p, "*****@*****.**");
if ((nstate->datafellows & SSH_OLD_DHGEX) != 0) {
p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
}
debug2("%s: compat KEX proposal: %s", __func__, p);
if (*p == '\0')
fatal("No supported key exchange algorithms found");
return p;
}
char *
compat_pkalg_proposal(ncrack_ssh_state *nstate, char *pkalg_prop)
{
if (!(nstate->datafellows & SSH_BUG_RSASIGMD5))
return pkalg_prop;
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
if (*pkalg_prop == '\0')
fatal("No supported PK algorithms found");
return pkalg_prop;
}
char *
compat_cipher_proposal(ncrack_ssh_state *nstate, char *cipher_prop)
{
if (!(nstate->datafellows & SSH_BUG_BIGENDIANAES))
return cipher_prop;
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
cipher_prop = filter_proposal(cipher_prop, "aes*");
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
if (*cipher_prop == '\0')
fatal("No supported ciphers found");
return cipher_prop;
}
char *
compat_kex_proposal(char *kex_prop, u_int compat)
{
if (!(compat & SSH_BUG_CURVE25519PAD))
return kex_prop;
debug2("%s: original KEX proposal: %s", __func__, kex_prop);
kex_prop = filter_proposal(kex_prop, "*****@*****.**");
debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
if (*kex_prop == '\0')
fatal("No supported key exchange algorithms found");
return kex_prop;
}
char *
compat_pkalg_proposal(char *pkalg_prop, u_int compat)
{
if (!(compat & SSH_BUG_RSASIGMD5))
return pkalg_prop;
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
if (*pkalg_prop == '\0')
fatal("No supported PK algorithms found");
return pkalg_prop;
}
char *
compat_cipher_proposal(char *cipher_prop, u_int compat)
{
if (!(compat & SSH_BUG_BIGENDIANAES))
return cipher_prop;
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
cipher_prop = filter_proposal(cipher_prop, "aes*");
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
if (*cipher_prop == '\0')
fatal("No supported ciphers found");
return cipher_prop;
}
