Lines Matching full:ssh
/*
 * Forward declarations of the file-internal helpers (leading-underscore
 * names) whose definitions appear further down this listing. The number at
 * the start of each line is the cross-reference listing's own line number,
 * not part of the code. Notes below state only what the matched lines show.
 */
/* Banner exchange driver: ssh_packet_next() calls it while either
 * kex->client_version or kex->server_version is still empty; once both are
 * filled it runs _ssh_order_hostkeyalgs() and then kex_send_kexinit(). */
42 int _ssh_exchange_banner(struct ssh *);
/* Formats "SSH-2.0-<SSH_VERSION>\r\n" into the given buffer and appends that
 * buffer to the packet output buffer. */
43 int _ssh_send_banner(struct ssh *, struct sshbuf *);
/* Reads the remote banner from the packet input buffer, i.e. the bytes the
 * caller supplied through ssh_input_append() (presumably peer-controlled;
 * confirm against callers). Visible checks: a "SSH-" prefix test, and a
 * condition that fires when acting as server or after more than
 * SSH_MAX_PRE_BANNER_LINES non-banner lines; the version is then parsed with
 * sscanf() and passed to compat_banner(). Buffer sizing is not shown here. */
44 int _ssh_read_banner(struct ssh *, struct sshbuf *);
/* De-serializes the local proposal (kex->my) with kex_buf2prop(), walks
 * ssh->public_keys, and writes the result back with kex_prop2buf(). */
45 int _ssh_order_hostkeyalgs(struct ssh *);
/* Installed by ssh_init() as kex->verify_host_key alongside the *_client kex
 * handlers; walks ssh->public_keys (the comparison itself is not shown in
 * this listing). ssh_set_verify_host_key_callback() can replace it. */
46 int _ssh_verify_host_key(struct sshkey *, struct ssh *);
/* Installed by ssh_init() as kex->load_host_public_key; walks
 * ssh->public_keys. The two ints are named type and nid in the definition. */
47 struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
/* Installed by ssh_init() as kex->load_host_private_key; walks
 * ssh->private_keys. The two ints are named type and nid in the definition. */
48 struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
49 int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
87 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) in ssh_init()
91 struct ssh *ssh; in ssh_init() local
101 if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL) in ssh_init()
104 ssh_packet_set_server(ssh); in ssh_init()
108 kex_proposal_populate_entries(ssh, populated, in ssh_init()
114 r = kex_ready(ssh, populated); in ssh_init()
117 ssh_free(ssh); in ssh_init()
121 ssh->kex->server = is_server; in ssh_init()
124 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; in ssh_init()
125 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; in ssh_init()
126 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; in ssh_init()
127 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; in ssh_init()
128 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; in ssh_init()
129 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; in ssh_init()
130 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; in ssh_init()
132 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; in ssh_init()
135 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; in ssh_init()
136 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; in ssh_init()
137 ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server; in ssh_init()
138 ssh->kex->load_host_public_key=&_ssh_host_public_key; in ssh_init()
139 ssh->kex->load_host_private_key=&_ssh_host_private_key; in ssh_init()
140 ssh->kex->sign=&_ssh_host_key_sign; in ssh_init()
143 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; in ssh_init()
144 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; in ssh_init()
145 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; in ssh_init()
146 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; in ssh_init()
147 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; in ssh_init()
148 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; in ssh_init()
149 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; in ssh_init()
151 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; in ssh_init()
154 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; in ssh_init()
155 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; in ssh_init()
156 ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; in ssh_init()
157 ssh->kex->verify_host_key =&_ssh_verify_host_key; in ssh_init()
159 *sshp = ssh; in ssh_init()
164 ssh_free(struct ssh *ssh) in ssh_free() argument
168 if (ssh == NULL) in ssh_free()
175 while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) { in ssh_free()
176 TAILQ_REMOVE(&ssh->public_keys, k, next); in ssh_free()
177 if (ssh->kex && ssh->kex->server) in ssh_free()
181 while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) { in ssh_free()
182 TAILQ_REMOVE(&ssh->private_keys, k, next); in ssh_free()
185 ssh_packet_close(ssh); in ssh_free()
186 free(ssh); in ssh_free()
190 ssh_set_app_data(struct ssh *ssh, void *app_data) in ssh_set_app_data() argument
192 ssh->app_data = app_data; in ssh_set_app_data()
196 ssh_get_app_data(struct ssh *ssh) in ssh_get_app_data() argument
198 return ssh->app_data; in ssh_get_app_data()
203 ssh_add_hostkey(struct ssh *ssh, struct sshkey *key) in ssh_add_hostkey() argument
209 if (ssh->kex->server) { in ssh_add_hostkey()
219 TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next); in ssh_add_hostkey()
223 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); in ssh_add_hostkey()
229 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); in ssh_add_hostkey()
237 ssh_set_verify_host_key_callback(struct ssh *ssh, in ssh_set_verify_host_key_callback() argument
238 int (*cb)(struct sshkey *, struct ssh *)) in ssh_set_verify_host_key_callback()
240 if (cb == NULL || ssh->kex == NULL) in ssh_set_verify_host_key_callback()
243 ssh->kex->verify_host_key = cb; in ssh_set_verify_host_key_callback()
249 ssh_input_append(struct ssh *ssh, const u_char *data, size_t len) in ssh_input_append() argument
251 return sshbuf_put(ssh_packet_get_input(ssh), data, len); in ssh_input_append()
255 ssh_packet_next(struct ssh *ssh, u_char *typep) in ssh_packet_next() argument
266 if (sshbuf_len(ssh->kex->client_version) == 0 || in ssh_packet_next()
267 sshbuf_len(ssh->kex->server_version) == 0) in ssh_packet_next()
268 return _ssh_exchange_banner(ssh); in ssh_packet_next()
281 if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0) in ssh_packet_next()
285 ssh->dispatch[type] != NULL) { in ssh_packet_next()
286 if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0) in ssh_packet_next()
296 ssh_packet_payload(struct ssh *ssh, size_t *lenp) in ssh_packet_payload() argument
298 return sshpkt_ptr(ssh, lenp); in ssh_packet_payload()
302 ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len) in ssh_packet_put() argument
306 if ((r = sshpkt_start(ssh, type)) != 0 || in ssh_packet_put()
307 (r = sshpkt_put(ssh, data, len)) != 0 || in ssh_packet_put()
308 (r = sshpkt_send(ssh)) != 0) in ssh_packet_put()
314 ssh_output_ptr(struct ssh *ssh, size_t *len) in ssh_output_ptr() argument
316 struct sshbuf *output = ssh_packet_get_output(ssh); in ssh_output_ptr()
323 ssh_output_consume(struct ssh *ssh, size_t len) in ssh_output_consume() argument
325 return sshbuf_consume(ssh_packet_get_output(ssh), len); in ssh_output_consume()
329 ssh_output_space(struct ssh *ssh, size_t len) in ssh_output_space() argument
331 return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len)); in ssh_output_space()
335 ssh_input_space(struct ssh *ssh, size_t len) in ssh_input_space() argument
337 return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len)); in ssh_input_space()
342 _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) in _ssh_read_banner() argument
344 struct sshbuf *input = ssh_packet_get_input(ssh); in _ssh_read_banner()
373 memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0) in _ssh_read_banner()
378 if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { in _ssh_read_banner()
380 if ((r = sshbuf_put(ssh_packet_get_output(ssh), in _ssh_read_banner()
400 if (sscanf(cp, "SSH-%d.%d-%[^\n]\n", in _ssh_read_banner()
408 compat_banner(ssh, remote_version); in _ssh_read_banner()
425 _ssh_send_banner(struct ssh *ssh, struct sshbuf *banner) in _ssh_send_banner() argument
430 if ((r = sshbuf_putf(banner, "SSH-2.0-%.100s\r\n", SSH_VERSION)) != 0) in _ssh_send_banner()
432 if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0) in _ssh_send_banner()
445 _ssh_exchange_banner(struct ssh *ssh) in _ssh_exchange_banner() argument
447 struct kex *kex = ssh->kex; in _ssh_exchange_banner()
457 if (sshbuf_len(ssh->kex->server_version) == 0) in _ssh_exchange_banner()
458 r = _ssh_send_banner(ssh, ssh->kex->server_version); in _ssh_exchange_banner()
460 sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
461 sshbuf_len(ssh->kex->client_version) == 0) in _ssh_exchange_banner()
462 r = _ssh_read_banner(ssh, ssh->kex->client_version); in _ssh_exchange_banner()
464 if (sshbuf_len(ssh->kex->server_version) == 0) in _ssh_exchange_banner()
465 r = _ssh_read_banner(ssh, ssh->kex->server_version); in _ssh_exchange_banner()
467 sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
468 sshbuf_len(ssh->kex->client_version) == 0) in _ssh_exchange_banner()
469 r = _ssh_send_banner(ssh, ssh->kex->client_version); in _ssh_exchange_banner()
474 if (sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
475 sshbuf_len(ssh->kex->client_version) != 0) { in _ssh_exchange_banner()
476 if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || in _ssh_exchange_banner()
477 (r = kex_send_kexinit(ssh)) != 0) in _ssh_exchange_banner()
484 _ssh_host_public_key(int type, int nid, struct ssh *ssh) in _ssh_host_public_key() argument
489 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_host_public_key()
499 _ssh_host_private_key(int type, int nid, struct ssh *ssh) in _ssh_host_private_key() argument
504 TAILQ_FOREACH(k, &ssh->private_keys, next) { in _ssh_host_private_key()
514 _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) in _ssh_verify_host_key() argument
519 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_verify_host_key()
529 _ssh_order_hostkeyalgs(struct ssh *ssh) in _ssh_order_hostkeyalgs() argument
537 /* XXX we de-serialize ssh->kex->my, modify it, and change it */ in _ssh_order_hostkeyalgs()
538 if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) in _ssh_order_hostkeyalgs()
554 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_order_hostkeyalgs()
566 debug2_f("orig/%d %s", ssh->kex->server, orig); in _ssh_order_hostkeyalgs()
567 debug2_f("replace/%d %s", ssh->kex->server, replace); in _ssh_order_hostkeyalgs()
571 r = kex_prop2buf(ssh->kex->my, proposal); in _ssh_order_hostkeyalgs()
581 _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, in _ssh_host_key_sign() argument
586 alg, NULL, NULL, ssh->compat); in _ssh_host_key_sign()