1 files changed, 52 insertions, 19 deletions

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 7c7dda7a1e..c48c0800e4 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2016. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2017. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -34,6 +34,8 @@
 -export([next_seqnum/1, 
 	 supported_algorithms/0, supported_algorithms/1,
 	 default_algorithms/0, default_algorithms/1,
+         algo_classes/0, algo_class/1,
+         algo_two_spec_classes/0, algo_two_spec_class/1,
 	 handle_packet_part/4,
 	 handle_hello_version/1,
 	 key_exchange_init_msg/1,
@@ -81,6 +83,23 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()].
 
 algo_classes() -> [kex, public_key, cipher, mac, compression].
 
+algo_class(kex) -> true;
+algo_class(public_key) -> true;
+algo_class(cipher) -> true;
+algo_class(mac) -> true;
+algo_class(compression) -> true;
+algo_class(_) -> false.
+
+
+algo_two_spec_classes() -> [cipher, mac, compression].
+
+algo_two_spec_class(cipher) -> true;
+algo_two_spec_class(mac) -> true;
+algo_two_spec_class(compression) -> true;
+algo_two_spec_class(_) -> false.
+
+    
+
 default_algorithms(kex) ->
     supported_algorithms(kex, [
                                'diffie-hellman-group1-sha1' % Gone in OpenSSH 7.3.p1
@@ -92,10 +111,7 @@ default_algorithms(cipher) ->
 default_algorithms(mac) ->
     supported_algorithms(mac, same(['AEAD_AES_128_GCM',
 				    'AEAD_AES_256_GCM']));
-default_algorithms(public_key) ->
-    supported_algorithms(public_key, ['rsa-sha2-256',
-                                      'rsa-sha2-384',
-                                      'rsa-sha2-512']);
+
 default_algorithms(Alg) ->
     supported_algorithms(Alg, []).
 
@@ -122,10 +138,9 @@ supported_algorithms(public_key) ->
        {'ecdsa-sha2-nistp384',  [{public_keys,ecdsa}, {hashs,sha384}, {ec_curve,secp384r1}]},
        {'ecdsa-sha2-nistp521',  [{public_keys,ecdsa}, {hashs,sha512}, {ec_curve,secp521r1}]},
        {'ecdsa-sha2-nistp256',  [{public_keys,ecdsa}, {hashs,sha256}, {ec_curve,secp256r1}]},
+       {'ssh-rsa',              [{public_keys,rsa},   {hashs,sha}                         ]},
        {'rsa-sha2-256',         [{public_keys,rsa},   {hashs,sha256}                      ]},
-       {'rsa-sha2-384',         [{public_keys,rsa},   {hashs,sha384}                      ]},
        {'rsa-sha2-512',         [{public_keys,rsa},   {hashs,sha512}                      ]},
-       {'ssh-rsa',              [{public_keys,rsa},   {hashs,sha}                         ]},
        {'ssh-dss',              [{public_keys,dss},   {hashs,sha}                         ]} % Gone in OpenSSH 7.3.p1
       ]);
  
@@ -724,14 +739,28 @@ kex_ext_info(Role, Opts) ->
     end.
     
 ext_info_message(#ssh{role=client,
-                      send_ext_info=true} = Ssh0) ->
-    %% FIXME: no extensions implemented
-    {ok, "", Ssh0};
+                      send_ext_info=true,
+                      opts=Opts} = Ssh0) ->
+    %% Since no extension sent by the client is implemented, we add a fake one
+    %% to be able to test the framework.
+    %% Remove this when there is one and update ssh_protocol_SUITE whare it is used.
+    case proplists:get_value(ext_info_client, ?GET_OPT(tstflg,Opts)) of
+        true ->
+            Msg = #ssh_msg_ext_info{nr_extensions = 1,
+                                    data = [{"[email protected]", "Testing,PleaseIgnore"}]
+                                   },
+            {SshPacket, Ssh} = ssh_packet(Msg, Ssh0),
+            {ok, SshPacket, Ssh};
+        _ ->
+            {ok, "", Ssh0}
+    end;
 
 ext_info_message(#ssh{role=server,
-                      send_ext_info=true} = Ssh0) ->
+                      send_ext_info=true,
+                      opts = Opts} = Ssh0) ->
     AlgsList = lists:map(fun erlang:atom_to_list/1,
-                         ssh_transport:default_algorithms(public_key)),
+                         proplists:get_value(public_key,
+                                             ?GET_OPT(preferred_algorithms, Opts))),
     Msg = #ssh_msg_ext_info{nr_extensions = 1,
                             data = [{"server-sig-algs", string:join(AlgsList,",")}]
                            },
@@ -766,16 +795,20 @@ extract_public_key(#'ECPrivateKey'{parameters = {namedCurve,OID},
     {#'ECPoint'{point=Q}, {namedCurve,OID}}.
 
 
-verify_host_key(#ssh{algorithms=Alg}=SSH, PublicKey, Digest, Signature) ->
-    case verify(Digest, sha(Alg#alg.hkey), Signature, PublicKey) of
-	false ->
-	    {error, bad_signature};
-	true ->
-	    known_host_key(SSH, PublicKey, public_algo(PublicKey))
+verify_host_key(#ssh{algorithms=Alg}=SSH, PublicKey, Digest, {AlgStr,Signature}) ->
+    case atom_to_list(Alg#alg.hkey) of
+        AlgStr ->
+            case verify(Digest, sha(Alg#alg.hkey), Signature, PublicKey) of
+                false ->
+                    {error, bad_signature};
+                true ->
+                    known_host_key(SSH, PublicKey, public_algo(PublicKey))
+            end;
+        _ ->
+            {error, bad_signature_name}
     end.
 
 
-
 accepted_host(Ssh, PeerName, Public, Opts) ->
     case ?GET_OPT(silently_accept_hosts, Opts) of