Support receiving RFC 8308 SSH2_MSG_EXT_INFO.

We now add the appropriate advertisement to our KEXINIT that indicates a willingness to receive EXT_INFO. Code in the BPP enforces that it must appear in one of the permitted locations in the protocol (in particular, this ensures a pre-key-exchange MITM can't get away with inserting it into the initial cleartext segment of the protocol). And when we receive it, we look through it for extension names we know about. No functional change (except for the advertisement in KEXINIT): we don't yet actually do anything in response to any extension reported in EXT_INFO.
2025-07-01 19:42:48 -05:00 · 2020-11-21 14:29:30 +00:00
parent b22e26f07b
commit 1243be890a
5 changed files with 110 additions and 0 deletions
--- a/ssh.h
+++ b/ssh.h
@ -1412,6 +1412,7 @@ void platform_ssh_share_cleanup(const char *name);
    X(y, SSH2_MSG_DEBUG, 4)                                             \
    X(y, SSH2_MSG_SERVICE_REQUEST, 5)                                   \
    X(y, SSH2_MSG_SERVICE_ACCEPT, 6)                                    \
+    X(y, SSH2_MSG_EXT_INFO, 7)                                          \
    X(y, SSH2_MSG_KEXINIT, 20)                                          \
    X(y, SSH2_MSG_NEWKEYS, 21)                                          \
    K(y, SSH2_MSG_KEXDH_INIT, 30, SSH2_PKTCTX_DHGROUP)                  \