WebSVN – Kolibri OS – Diff – /programs/network/ssh/sshlib_connection.inc

 ; << Check key exchange init of server
         stdcall sshlib_recv_packet, [con_ptr], 0
         cmp     eax, -1
         je      .err_sock
-        mov     esi, [con_ptr]
+        mov     ebx, [con_ptr]
-        cmp     [esi + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEXINIT
+        cmp     [ebx + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEXINIT
         jne     .err_proto
+        DEBUGF  2, "Received KEX init\n"
-        DEBUGF  2, "Received KEX init\n"
-        lea     esi, [esi + sshlib_connection.rx_buffer + sizeof.ssh_packet_header + 16]
-        lodsd
+        lea     esi, [ebx + sshlib_connection.rx_buffer + sizeof.ssh_packet_header + 16]
-        bswap   eax
-        DEBUGF  1, "kex_algorithms: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "server_host_key_algorithms: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "encryption_algorithms_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "encryption_algorithms_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "mac_algorithms_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "mac_algorithms_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "compression_algorithms_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
+        DEBUGF  2, "kex_algorithm "
-        DEBUGF  1, "compression_algorithms_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
+        stdcall sshlib_algo_find_match, ssh_msg_kex.kex_algorithms, algorithms_kex
-        DEBUGF  1, "languages_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
+        test    eax, eax
-        bswap   eax
-        DEBUGF  1, "languages_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsb
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_kex], eax
-        DEBUGF  1, "KEX First Packet Follows: %u\n", al
+        DEBUGF  2, "server_host_key_algorithm "
-; TODO: parse this structure and set algorithm codes accordingly
+        stdcall sshlib_algo_find_match, ssh_msg_kex.server_host_key_algorithms, algorithms_hostkey
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_hostkey], eax
+        DEBUGF  2, "encryption_algorithm_client_to_server "
-; FIXME: hardcoded for now
+        stdcall sshlib_algo_find_match, ssh_msg_kex.encryption_algorithms_client_to_server, algorithms_crypt
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_crypt_tx], eax
+        DEBUGF  2, "encryption_algorithm_server_to_client ",
-        mov     esi, [con_ptr]
+        stdcall sshlib_algo_find_match, ssh_msg_kex.encryption_algorithms_server_to_client, algorithms_crypt
+        test    eax, eax
+        jz      .err_no_algo
-        mov     [esi+sshlib_connection.algo_kex], SSHLIB_KEX_DH_SHA256
+        mov     [ebx + sshlib_connection.algo_crypt_rx], eax
+        DEBUGF  2, "mac_algorithm_client_to_server "
-        mov     [esi+sshlib_connection.algo_hostkey], SSHLIB_HOSTKEY_RSA
+        stdcall sshlib_algo_find_match, ssh_msg_kex.mac_algorithms_client_to_server, algorithms_mac
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_mac_tx], eax
+        DEBUGF  2, "mac_algorithm_server_to_client "
-        mov     [esi+sshlib_connection.algo_crypt_rx], SSHLIB_CRYPT_AES256_CTR
+        stdcall sshlib_algo_find_match, ssh_msg_kex.mac_algorithms_server_to_client, algorithms_mac
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_mac_rx], eax
+        DEBUGF  2, "compression_algorithm_client_to_server "
-        mov     [esi+sshlib_connection.algo_crypt_tx], SSHLIB_CRYPT_AES256_CTR  ; SSHLIB_CRYPT_CHACHA20_POLY1305
+        stdcall sshlib_algo_find_match, ssh_msg_kex.compression_algorithms_client_to_server, algorithms_compression
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_compr_tx], eax
+        DEBUGF  2, "compression_algorithm_server_to_client "
-        mov     [esi+sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256_ETM
+        stdcall sshlib_algo_find_match, ssh_msg_kex.compression_algorithms_server_to_client, algorithms_compression
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_compr_rx], eax
+        DEBUGF  2, "language_client_to_server "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.languages_client_to_server, languages
+        DEBUGF  2, "language_server_to_client "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.languages_server_to_client, languages
         mov     [esi+sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256_ETM
-        mov     [esi+sshlib_connection.algo_compr_rx], SSHLIB_ALGO_NONE
+        lodsb
-        mov     [esi+sshlib_connection.algo_compr_tx], SSHLIB_ALGO_NONE
+        DEBUGF  2, "KEX First Packet Follows: %u\n", al
         mov     dword[esi], eax
         invoke  sha2_256.update, [ctx_ptr], esi, edx
+; Exchange keys with the server
+        mov     ebx, [con_ptr]
+        cmp     [ebx + sshlib_connection.algo_kex], SSHLIB_KEX_DH_SHA256        ; only kex algo supported for now
-; Exchange keys with the server
+        jne     .err_no_algo
         stdcall sshlib_dh_gex, [con_ptr]
         test    eax, eax
         jmp     .have_rx_crypt_and_mac
   .have_rx_crypt:
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_256
         je      .rx_hmac_sha2_256
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_512
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_512
         je      .rx_hmac_sha2_512
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_256_ETM
         je      .rx_hmac_sha2_256_etm
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_512_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_512_ETM
         jmp     .have_tx_crypt_and_mac
   .have_tx_crypt:
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_256
         je      .tx_hmac_sha2_256
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_512
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_512
         je      .tx_hmac_sha2_512
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_256_ETM
         je      .tx_hmac_sha2_256_etm
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_512_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_512_ETM
         jmp     .have_tx_crypt_and_mac
   .have_tx_crypt_and_mac:
   .have_tx_crypt_and_mac:
 ; Re-seed RNG for padding bytes
+        call    create_seed
+        call    init_random
+        xor     eax, eax
-        call    create_seed
+        ret
         call    init_random
   .err_no_algo:
-        xor     eax, eax
+        mov     eax, SSHLIB_ERR_NO_ALGO
         ret
+endp
+proc sshlib_algo_find_match uses ebx ecx edx edi, client_str, algo_list
+locals
+        server_str      dd ?
+        next_str        dd ?
+        current         dd ?
+endl
+        lodsd
+        mov     [server_str], esi
+        bswap   eax
+        lea     ecx, [esi + eax]
+        mov     [next_str], ecx
+        mov     edi, [client_str]
+        mov     edx, dword[edi]
+        bswap   edx
+        add     edi, 4
+        add     edx, edi        ; end of string
+  .go:
+        mov     [current], edi
+  .cmp:
+        cmp     esi, ecx
+        jae     .end_of_s
+        mov     al, byte[esi]
+        inc     esi
+  .cmp_1:
+        cmp     edi, edx
+        jae     .end_of_c
+        mov     bl, byte[edi]
+        inc     edi
+  .cmp_2:
+        cmp     al, bl
+        jne     .mismatch
+        cmp     al, ','
+        jne     .cmp
+; algo matches, print it to debug board
+        DEBUGF  2, "= "
+        mov     edi, [current]
+  @@:
+        cmp     edi, edx
+        jae     @f
+        mov     cl, byte[edi]
+        cmp     cl, ','
+        je      @f
+        mcall   63, 1
+        inc     edi
+        jmp     @r
+  @@:
+;        mcall   63, 1, 10       ; print newline
+; and now find it in algo list
+        mov     esi, [algo_list]
+  .algo_loop:
+        mov     edi, [current]
+        lodsd
+        mov     ebx, eax        ; algo code
+        test    eax, eax
+        jz      .no_match
+  .algo_charloop:
+        lodsb
+        test    al, al
+        jz      .check_end
+        cmp     al, byte[edi]
+        jne     .next_algo
+        inc     edi
+        cmp     edi, edx
+        jb      .algo_charloop
+; we reached end of input, check end of algo token
+        cmp     byte[esi], 0
+        je      .algo_match
+        jmp     .next_algo
+; we reached end of algo token, check end of input
+  .check_end:
+        cmp     byte[edi], ','
+        je      .algo_match
+  .next_algo_loop:
+        lodsb
+  .next_algo:
+        test    al, al
+        jnz     .next_algo_loop
+        jmp     .algo_loop
+  .algo_match:
+        mov     eax, ebx
+        mov     esi, [next_str]
+        DEBUGF  2," (%u)\n", eax
+        ret
+  .end_of_s:
+        mov     al, ','
+        jmp     .cmp_1
+  .end_of_c:
+        mov     bl, ','
+        jmp     .cmp_2
+  .mismatch:
+; character mismatch, reset client str and go to next server token
+        mov     edi, [current]
+  @@:
+        mov     al, byte[esi]
+        inc     esi
+        cmp     al, ','
+        je      .cmp
+        cmp     esi, ecx
+        jb      @r
+; end of server str, reset it and go to next client token
+        mov     esi, [server_str]
+  @@:
+        mov     bl, byte[edi]
+        inc     edi
+        cmp     bl, ','
+        je     .go
+        cmp     edi, edx
+        jb      @r
+; end of client str, no match found
+  .no_match:
+        xor     eax, eax
+        mov     esi, [next_str]
+        DEBUGF  2," (%u)\n", eax
+        ret
 endp

Subversion Repositories Kolibri OS

(root)/programs/network/ssh/sshlib_connection.inc @ 9132 – Rev 9990 → 9991