WebSVN – Kolibri OS – Diff – /programs/network/ssh/ssh_transport.inc

 ;    GNU General Public License for more details.
+;
 ;    You should have received a copy of the GNU General Public License
 ;    along with this program.  If not, see .
-struct  ssh_header
-        length          dd ?
-        padding         db ?
-        message_code    db ?
-ends
+struct  ssh_packet_header
+        packet_length   dd ?    ; The length of the packet in bytes, not including 'mac' or the
+                                ; 'packet_length' field itself.
+        padding_length  db ?    ; Length of 'random padding' (bytes).
-proc dummy_encrypt _key, _in, _out
+        message_code    db ?    ; First byte of payload
-        ret
+ends
-endp
-proc ssh_recv_packet sock, buf, size, flags
-locals
+proc ssh_recv_packet connection, flags
         bufferptr       dd ?
+locals
+        data_length     dd ?    ; Total length of packet without MAC
-        remaining       dd ?
+endl
+        DEBUGF  2, "> "
+; Receive first block (Read length, padding length, message code)
-        padding         dd ?
+        mov     ebx, [connection]
-endl
+        mov     ecx, [ebx+ssh_connection.socketnum]
+        mov     esi, [ebx+ssh_connection.rx_crypt_blocksize]
+        lea     edx, [ebx+ssh_connection.rx_buffer]
-        DEBUGF  1, "ssh_recv_packet\n"
+        mov     edi, [flags]
+        mcall   recv
-; Receive first block (Read length, padding length, message code)
+        DEBUGF  1, "chunk = %u ", eax
-        mcall   recv, [sock], [buf], [rx_blocksize], [flags]
-        DEBUGF  1, "chunk = %u\n", eax
+        mov     ebx, [connection]
+        cmp     eax, [ebx+ssh_connection.rx_crypt_blocksize]
-        cmp     eax, [rx_blocksize]
+        jne     .fail
-        jne     .fail       ;;;;
+; Decrypt first block
+        cmp     [ebx+ssh_connection.rx_crypt_proc], 0
+        je      @f
+        pusha
+        lea     esi, [ebx+ssh_connection.rx_buffer]
-;        stdcall [decrypt_proc], [rx_context], [buf], [buf]
+        stdcall [ebx+ssh_connection.rx_crypt_proc], [ebx+ssh_connection.rx_crypt_ctx_ptr], esi, esi
+        popa
-        mov     ebx, [buf]
+  @@:
+; Check data length
-        movzx   eax, [ebx+ssh_header.padding]
+        mov     esi, [ebx+ssh_connection.rx_buffer.packet_length]
+        bswap   esi                                             ; convert length to little endian
+        mov     [ebx+ssh_connection.rx_buffer.packet_length], esi
+        DEBUGF  1, "packet length=%u ", esi
-        mov     [padding], eax
+        cmp     esi, BUFFERSIZE
-        mov     eax, [ebx+ssh_header.length]
+        ja      .fail                                           ; packet is too large
-        bswap   eax                                             ; length to little endian
-        mov     [ebx+ssh_header.length], eax
+; Calculate amount of remaining data
-        DEBUGF  1, "ssh_recv_packet length = %u\n", eax
+        add     esi, 4                                          ; Packet length field itself is not included in the count
+        sub     esi, [ebx+ssh_connection.rx_crypt_blocksize]    ; Already received this amount of data
-        cmp     eax, [size]
+        add     esi, [ebx+ssh_connection.rx_mac_length]
-        ja      .fail       ;;;;
+        jz      .got_all_data
-        sub     eax, [rx_blocksize]
+; Receive remaining data
-        add     eax, 4
+        lea     edx, [ebx+ssh_connection.rx_buffer]
-        mov     [remaining], eax
+        add     edx, [ebx+ssh_connection.rx_crypt_blocksize]
-        add     ebx, [rx_blocksize]
+        mov     ecx, [ebx+ssh_connection.socketnum]
-        mov     [bufferptr], ebx
+        mov     edi, [flags]
   .receive_loop:
-        mcall   recv, [sock], [bufferptr], [remaining], 0
+        mcall   recv
-        DEBUGF  1, "chunk = %u\n", eax
+        DEBUGF  1, "chunk = %u ", eax
         cmp     eax, 0
+        jbe     .fail
-        jbe     .fail
+        add     edx, eax
+        sub     esi, eax
+        jnz     .receive_loop
+; Decrypt data
-        add     [bufferptr], eax
+        mov     ebx, [connection]
-        sub     [remaining], eax
+        cmp     [ebx+ssh_connection.rx_crypt_proc], 0
+        je      .decrypt_complete
+        mov     ecx, [ebx+ssh_connection.rx_buffer.packet_length]
-        ja      .receive_loop
+        add     ecx, 4                                          ; Packet_length field itself
+        sub     ecx, [ebx+ssh_connection.rx_crypt_blocksize]    ; Already decrypted this amount of data
+        jz      .decrypt_complete
+        lea     esi, [ebx+ssh_connection.rx_buffer]
+        add     esi, [ebx+ssh_connection.rx_crypt_blocksize]
-;  .decrypt_loop:
+  .decrypt_loop:
+        pusha
-;        stdcall [decrypt_proc], [rx_context], [buf], [buf]
+        stdcall [ebx+ssh_connection.rx_crypt_proc], [ebx+ssh_connection.rx_crypt_ctx_ptr], esi, esi
-;        ja      .decrypt_loop
+        popa
+        add     esi, [ebx+ssh_connection.rx_crypt_blocksize]
+        sub     ecx, [ebx+ssh_connection.rx_crypt_blocksize]
+        jnz     .decrypt_loop
+  .decrypt_complete:
+; Authenticate message
+        cmp     [ebx+ssh_connection.rx_mac_proc], 0
+        je      .mac_complete
+        lea     esi, [ebx+ssh_connection.rx_seq]
+        mov     ecx, [ebx+ssh_connection.rx_buffer.packet_length]
+        add     ecx, 8                                          ; packet_length field itself + sequence number
+        lea     eax, [ebx+ssh_connection.rx_mac_ctx]
+        mov     edx, [ebx+ssh_connection.rx_buffer.packet_length]
+        bswap   edx                                             ; convert length to big endian
+        mov     [ebx+ssh_connection.rx_buffer.packet_length], edx
+        stdcall [ebx+ssh_connection.rx_mac_proc], eax, esi, ecx
+        mov     edx, [ebx+ssh_connection.rx_buffer.packet_length]
+        bswap   edx                                             ; convert length to little endian
-;  .hmac_loop:
+        mov     [ebx+ssh_connection.rx_buffer.packet_length], edx
+        lea     esi, [ebx+ssh_connection.rx_mac_ctx]
+        lea     edi, [ebx+ssh_connection.rx_buffer]
+        add     edi, [ebx+ssh_connection.rx_buffer.packet_length]
+        add     edi, 4
+        mov     ecx, [ebx+ssh_connection.rx_mac_length]
+        shr     ecx, 2
+        repe cmpsd
+        jne     .mac_failed
+  .mac_complete:
+        inc     byte[ebx+ssh_connection.rx_seq+3]               ; Update sequence counter
+        jnc     @f
+        inc     byte[ebx+ssh_connection.rx_seq+2]
+        jnc     @f
+        inc     byte[ebx+ssh_connection.rx_seq+1]
-; TODO
+        jnc     @f
+        inc     byte[ebx+ssh_connection.rx_seq+0]
-;        ja      .hmac_loop
+  @@:
-; Return usefull data length in eax
+; Return useful data length to the caller via eax register
-        mov     eax, [buf]
+  .got_all_data:
-        movzx   ebx, [eax+ssh_header.padding]
+        mov     eax, [ebx+ssh_connection.rx_buffer.packet_length]
+        movzx   ebx, [ebx+ssh_connection.rx_buffer.padding_length]
+        sub     eax, ebx
+        DEBUGF  1, "useful data length=%u\n", eax
+        ret
-        mov     eax, [eax+ssh_header.length]
+  .fail:
-        sub     eax, ebx
+        DEBUGF  3, "ssh_recv_packet failed!\n"
-        DEBUGF  1, "ssh_recv_packet complete, usefull data length=%u\n", eax
+        mov     eax, -1
         ret
-  .fail:
+  .mac_failed:
-        DEBUGF  1, "ssh_recv_packet failed!\n"
+        DEBUGF  3, "ssh_recv_packet MAC failed!\n"
         mov     eax, -1
+        ret
-        ret
 endp
-endp
-proc ssh_send_packet sock, buf, payloadsize, flags
+proc ssh_send_packet connection, buf, payload_size, flags
 locals
-locals
+        packet_size    dd ?
-        size    dd ?
+endl
-endl
+        DEBUGF  2, "< "
         DEBUGF  1, "ssh_send_packet: size=%u\n", [payloadsize]
 ; Pad the packet with random data
-        mov     eax, [payloadsize]
+        mov     eax, [payload_size]
-        inc     eax             ; padding length byte
+        inc     eax                     ; padding length byte
+        lea     edx, [eax+4]            ; total packet size (without padding and MAC)
-        lea     edx, [eax+4]    ; total packet size (without padding)
+        mov     [packet_size], edx
-        mov     [size], edx
+        mov     ecx, [connection]
-        mov     ebx, [tx_blocksize]
+        mov     ebx, [ecx+ssh_connection.tx_crypt_blocksize]
         dec     ebx
         and     edx, ebx
         neg     edx
-        add     edx, [tx_blocksize]
+        add     edx, [ecx+ssh_connection.tx_crypt_blocksize]
-        cmp     edx, 4          ; minimum padding size
+        cmp     edx, 4                  ; minimum padding size
         jae     @f
-        add     edx, [tx_blocksize]
-  @@:
-        DEBUGF  1, "Padding %u bytes\n", edx
+        add     edx, [ecx+ssh_connection.tx_crypt_blocksize]
-        add     [size], edx
+  @@:
-        add     eax, edx
+        DEBUGF  1, "padding %u bytes ", edx
-        DEBUGF  1, "Total size: %u\n", eax
+        add     [packet_size], edx
         bswap   eax
-        mov     edi, tx_buffer
+        add     eax, edx
         call    MBRandom
         stosd
         dec     esi
         jnz     @r
+; Message authentication
+        mov     edx, [connection]
+        cmp     [edx+ssh_connection.tx_mac_proc], 0
+        je      .mac_complete
+;        DEBUGF  1, "MAC sequence number: 0x%x\n", [edx+ssh_connection.tx_seq]
+        lea     esi, [edx+ssh_connection.tx_seq]
+        mov     ecx, [packet_size]
+        add     ecx, 4                                          ; Sequence number length
+        lea     eax, [edx+ssh_connection.tx_mac_ctx]
+        stdcall [edx+ssh_connection.tx_mac_proc], eax, esi, ecx
+        lea     esi, [edx+ssh_connection.tx_mac_ctx]
+        lea     edi, [edx+ssh_connection.tx_buffer]
+        add     edi, [packet_size]
+        mov     ecx, [edx+ssh_connection.tx_mac_length]
+        shr     ecx, 2
+        rep movsd
+  .mac_complete:
+        inc     byte[edx+ssh_connection.tx_seq+3]               ; Update sequence counter
+        jnc     @f
+        inc     byte[edx+ssh_connection.tx_seq+2]
+        jnc     @f
+        inc     byte[edx+ssh_connection.tx_seq+1]
+        jnc     @f
+        inc     byte[edx+ssh_connection.tx_seq+0]
+  @@:
+; Encrypt data
+        cmp     [edx+ssh_connection.tx_crypt_proc], 0
+        je      .encrypt_complete
+        lea     esi, [edx+ssh_connection.tx_buffer]
+        mov     ecx, [packet_size]
+  .encrypt_loop:
+        pusha
+        stdcall [edx+ssh_connection.tx_crypt_proc], [edx+ssh_connection.tx_crypt_ctx_ptr], esi, esi
+        popa
+        add     esi, [edx+ssh_connection.tx_crypt_blocksize]
+        sub     ecx, [edx+ssh_connection.tx_crypt_blocksize]
+        jnz     .encrypt_loop
+  .encrypt_complete:
+; Send the packet
+        mov     ebx, [connection]
+        mov     ecx, [ebx+ssh_connection.socketnum]
+        lea     edx, [ebx+ssh_connection.tx_buffer]
+        mov     esi, [packet_size]
+        add     esi, [ebx+ssh_connection.tx_mac_length]
+        mov     edi, [flags]
+        mcall   send
-        mcall   send, [sock], tx_buffer, [size], [flags]
+        DEBUGF  1, "\n"
         ret

Subversion Repositories Kolibri OS

(root)/programs/network/ssh/ssh_transport.inc @ 7730 – Rev 6419 → 6469