improve code comments

Signed-off-by: Nicola Murino <[email protected]>

Author: drakkan

ssh/common.go

@@ -24,7 +24,8 @@ const (
 	serviceSSH      = "ssh-connection"
 )
 
-// These are string constants related to extensions and extension negotiation
+// These are string constants related to extensions and extension negotiation.
+// See RFC 8308
 const (
 	extInfoServer    = "ext-info-s"
 	extInfoClient    = "ext-info-c"
@@ -97,7 +98,7 @@ var supportedMACs = []string{
 var supportedCompressions = []string{compressionNone}
 
 // supportedServerSigAlgs defines the algorithms supported for pubkey authentication
-// in no particular order.
+// in no particular order. See RFC 8308, Section 3.1.
 var supportedServerSigAlgs = []string{KeyAlgoRSASHA256,
 	KeyAlgoRSASHA512, KeyAlgoRSA,
 	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,

ssh/handshake.go

@@ -476,6 +476,9 @@ func (t *handshakeTransport) sendKexInit() error {
 				msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, keyFormat)
 			}
 		}
+		// As a server we add ext-info-s to the KEX algorithms to indicate that we support
+		// the Extension Negotiation Mechanism. The ext-info-s indicator must be added only
+		// in the first key exchange. See RFC 8308, Section 2.1.
 		if firstKeyExchange {
 			msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
 			msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
@@ -642,12 +645,10 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
 
 	if !isClient {
 		// We're on the server side, if this is the first key exchange
-		// see if the client sent the extension signal
+		// and the client sent the ext-info-c indicator, we send an SSH_MSG_EXT_INFO
+		// message with the server-sig-algs extension. See RFC 8308, Section 3.1.
 		if firstKeyExchange && contains(clientInit.KexAlgos, extInfoClient) {
-			// The other side supports ext info, and this is the first key exchange,
-			// so send an SSH_MSG_EXT_INFO message.
 			extensions := map[string][]byte{}
-			// Prepare the server-sig-algos extension message to send.
 			extensions[extServerSigAlgs] = []byte(strings.Join(supportedServerSigAlgs, ","))
 
 			extInfo := &extInfoMsg{

ssh/server.go

@@ -256,13 +256,13 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
 	// We just did the key change, so the session ID is established.
 	s.sessionID = s.transport.getSessionID()
 
-	// the client could send a SSH_MSG_EXT_INFO before SSH_MSG_SERVICE_REQUEST
+	// the client could send a SSH_MSG_EXT_INFO after the first SSH_MSG_NEWKEYS
+	// and so before SSH_MSG_SERVICE_REQUEST. See RFC 8308, Section 2.4.
 	var packet []byte
 	if packet, err = s.transport.readPacket(); err != nil {
 		return nil, err
 	}
 
-	// be permissive and don't add contains(s.transport.config.Extensions, ExtServerSigAlgs)
 	if len(packet) > 0 && packet[0] == msgExtInfo {
 		// read SSH_MSG_EXT_INFO
 		var extInfo extInfoMsg