Rev 6419 | Rev 6469 | ||
---|---|---|---|
Line 23... | Line 23... | ||
23 | proc dh_gex |
23 | proc dh_gex |
Line 24... | Line 24... | ||
24 | 24 | ||
25 | ;---------------------------------------------- |
25 | ;---------------------------------------------- |
Line 26... | Line 26... | ||
26 | ; >> Send Diffie-Hellman Group Exchange Request |
26 | ; >> Send Diffie-Hellman Group Exchange Request |
27 | 27 | ||
28 | DEBUGF 1, "Sending GEX\n" |
28 | DEBUGF 2, "Sending GEX\n" |
29 | stdcall ssh_send_packet, [socketnum], ssh_gex_req, ssh_gex_req.length, 0 |
29 | stdcall ssh_send_packet, con, ssh_gex_req, ssh_gex_req.length, 0 |
Line 30... | Line 30... | ||
30 | cmp eax, -1 |
30 | cmp eax, -1 |
31 | je .socket_err |
31 | je .socket_err |
Line 32... | Line 32... | ||
32 | 32 | ||
33 | ;--------------------------------------------- |
33 | ;--------------------------------------------- |
34 | ; << Parse Diffie-Hellman Group Exchange Group |
34 | ; << Parse Diffie-Hellman Group Exchange Group |
Line 35... | Line 35... | ||
35 | 35 | ||
36 | stdcall ssh_recv_packet, [socketnum], rx_buffer, BUFFERSIZE, 0 |
36 | stdcall ssh_recv_packet, con, 0 |
37 | cmp eax, -1 |
37 | cmp eax, -1 |
Line 38... | Line 38... | ||
38 | je .socket_err |
38 | je .socket_err |
39 | 39 | ||
40 | cmp [rx_buffer+ssh_header.message_code], SSH_MSG_KEX_DH_GEX_GROUP |
40 | cmp [con.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_GROUP |
41 | jne proto_err |
41 | jne proto_err |
42 | DEBUGF 1, "Received GEX group\n" |
42 | DEBUGF 2, "Received GEX group\n" |
Line 43... | Line 43... | ||
43 | 43 | ||
44 | mov esi, rx_buffer+sizeof.ssh_header |
44 | mov esi, con.rx_buffer+sizeof.ssh_packet_header |
45 | mov edi, dh_p |
45 | mov edi, con.dh_p |
46 | DEBUGF 1, "DH modulus (p): " |
46 | DEBUGF 1, "DH modulus (p): " |
Line 47... | Line 47... | ||
47 | call mpint_to_little_endian |
47 | call mpint_to_little_endian |
48 | stdcall mpint_print, dh_p |
48 | stdcall mpint_print, con.dh_p |
Line 49... | Line 49... | ||
49 | 49 | ||
50 | DEBUGF 1, "DH base (g): " |
50 | DEBUGF 1, "DH base (g): " |
51 | mov edi, dh_g |
51 | mov edi, con.dh_g |
52 | call mpint_to_little_endian |
52 | call mpint_to_little_endian |
53 | stdcall mpint_print, dh_g |
53 | stdcall mpint_print, con.dh_g |
54 | 54 | ||
55 | ;------------------------------------------- |
55 | ;------------------------------------------- |
56 | ; >> Send Diffie-Hellman Group Exchange Init |
56 | ; >> Send Diffie-Hellman Group Exchange Init |
Line 69... | Line 69... | ||
69 | 69 | ||
70 | ; If the highest bit is set, add a zero byte |
70 | ; If the highest bit is set, add a zero byte |
71 | shl eax, 1 |
71 | shl eax, 1 |
72 | jnc @f |
72 | jnc @f |
73 | mov byte[edi], 0 |
73 | mov byte[edi], 0 |
74 | inc dword[dh_x] |
74 | inc dword[con.dh_x] |
Line 75... | Line 75... | ||
75 | @@: |
75 | @@: |
76 | 76 | ||
77 | ; Fill remaining bytes with zeros ; TO BE REMOVED ? |
77 | ; Fill remaining bytes with zeros ; TO BE REMOVED ? |
78 | if ((MAX_BITS-DH_PRIVATE_KEY_SIZE) > 0) |
78 | if ((MAX_BITS-DH_PRIVATE_KEY_SIZE) > 0) |
79 | mov ecx, (MAX_BITS-DH_PRIVATE_KEY_SIZE)/8/4 |
79 | mov ecx, (MAX_BITS-DH_PRIVATE_KEY_SIZE)/8/4 |
80 | xor eax, eax |
80 | xor eax, eax |
Line 81... | Line 81... | ||
81 | rep stosd |
81 | rep stosd |
82 | end if |
82 | end if |
83 | 83 | ||
Line 84... | Line 84... | ||
84 | DEBUGF 1, "DH x: " |
84 | DEBUGF 1, "DH x: " |
85 | stdcall mpint_length, dh_x;;;;;;;;;;;;; |
85 | stdcall mpint_length, con.dh_x;;;;;;;;;;;;; |
86 | stdcall mpint_print, dh_x |
86 | stdcall mpint_print, con.dh_x |
Line 87... | Line 87... | ||
87 | 87 | ||
88 | ; Compute e = g^x mod p |
88 | ; Compute e = g^x mod p |
Line 89... | Line 89... | ||
89 | stdcall mpint_modexp, dh_e, dh_g, dh_x, dh_p |
89 | stdcall mpint_modexp, con.dh_e, con.dh_g, con.dh_x, con.dh_p |
90 | stdcall mpint_length, dh_e |
90 | stdcall mpint_length, con.dh_e |
91 | 91 | ||
92 | DEBUGF 1, "DH e: " |
92 | DEBUGF 1, "DH e: " |
93 | stdcall mpint_print, dh_e |
93 | stdcall mpint_print, con.dh_e |
94 | 94 | ||
Line 95... | Line 95... | ||
95 | ; Create group exchange init packet |
95 | ; Create group exchange init packet |
96 | mov edi, tx_buffer+ssh_header.message_code |
96 | mov edi, con.tx_buffer.message_code |
97 | mov al, SSH_MSG_KEX_DH_GEX_INIT |
97 | mov al, SSH_MSG_KEX_DH_GEX_INIT |
98 | stosb |
98 | stosb |
99 | mov esi, dh_e |
99 | mov esi, con.dh_e |
100 | call mpint_to_big_endian |
100 | call mpint_to_big_endian |
101 | 101 | ||
Line 102... | Line 102... | ||
102 | DEBUGF 1, "Sending GEX init\n" |
102 | DEBUGF 2, "Sending GEX init\n" |
103 | mov ecx, dword[tx_buffer+ssh_header.message_code+1] |
103 | mov ecx, dword[con.tx_buffer.message_code+1] |
Line 104... | Line 104... | ||
104 | bswap ecx |
104 | bswap ecx |
105 | add ecx, 5 |
105 | add ecx, 5 |
106 | stdcall ssh_send_packet, [socketnum], tx_buffer+ssh_header.message_code, ecx, 0 |
106 | stdcall ssh_send_packet, con, con.tx_buffer.message_code, ecx, 0 |
Line 107... | Line 107... | ||
107 | cmp eax, -1 |
107 | cmp eax, -1 |
108 | je .socket_err |
108 | je .socket_err |
Line 109... | Line 109... | ||
109 | 109 | ||
Line 110... | Line 110... | ||
110 | ;--------------------------------------------- |
110 | ;--------------------------------------------- |
111 | ; << Parse Diffie-Hellman Group Exchange Reply |
111 | ; << Parse Diffie-Hellman Group Exchange Reply |
112 | 112 | ||
113 | stdcall ssh_recv_packet, [socketnum], rx_buffer, BUFFERSIZE, 0 |
113 | stdcall ssh_recv_packet, con, 0 |
114 | cmp eax, -1 |
114 | cmp eax, -1 |
115 | je .socket_err |
115 | je .socket_err |
116 | 116 | ||
117 | cmp [rx_buffer+ssh_header.message_code], SSH_MSG_KEX_DH_GEX_REPLY |
117 | cmp [con.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_REPLY |
118 | jne .proto_err |
118 | jne .proto_err |
Line 119... | Line 119... | ||
119 | 119 | ||
120 | DEBUGF 1, "Received GEX Reply\n" |
120 | DEBUGF 2, "Received GEX Reply\n" |
121 | 121 | ||
122 | ;-------------------------------- |
122 | ;-------------------------------- |
123 | ; HASH: string K_S, the host key |
123 | ; HASH: string K_S, the host key |
124 | mov esi, rx_buffer+sizeof.ssh_header |
- | |
125 | mov edx, [esi] |
- | |
Line 126... | Line 124... | ||
126 | bswap edx |
124 | mov esi, con.rx_buffer+sizeof.ssh_packet_header |
127 | add edx, 4 |
125 | mov edx, [esi] |
128 | lea ebx, [esi+edx] |
126 | bswap edx |
129 | push ebx |
127 | add edx, 4 |
130 | call sha256_update |
128 | lea ebx, [esi+edx] |
131 | 129 | push ebx |
|
132 | ;-------------------------------------------------------------------------- |
130 | invoke sha256_update, con.temp_ctx, esi, edx |
133 | ; HASH: uint32 min, minimal size in bits of an acceptable group |
- | |
Line 134... | Line 131... | ||
134 | ; uint32 n, preferred size in bits of the group the server will send |
131 | |
135 | ; uint32 max, maximal size in bits of an acceptable group |
132 | ;-------------------------------------------------------------------------- |
136 | mov esi, ssh_gex_req+sizeof.ssh_header-ssh_header.message_code |
133 | ; HASH: uint32 min, minimal size in bits of an acceptable group |
137 | mov edx, 12 |
134 | ; uint32 n, preferred size in bits of the group the server will send |
138 | call sha256_update |
135 | ; uint32 max, maximal size in bits of an acceptable group |
139 | 136 | invoke sha256_update, con.temp_ctx, ssh_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12 |
|
140 | ;---------------------------- |
137 | |
141 | ; HASH: mpint p, safe prime |
- | |
Line 142... | Line 138... | ||
142 | mov esi, dh_p |
138 | ;---------------------------- |
143 | mov edi, mpint_tmp |
139 | ; HASH: mpint p, safe prime |
144 | call mpint_to_big_endian |
140 | mov esi, con.dh_p |
145 | lea edx, [eax+4] |
141 | mov edi, mpint_tmp |
146 | mov esi, mpint_tmp |
142 | call mpint_to_big_endian |
147 | call sha256_update |
143 | lea edx, [eax+4] |
148 | 144 | invoke sha256_update, con.temp_ctx, mpint_tmp, edx |
|
Line 149... | Line 145... | ||
149 | ;---------------------------------------- |
145 | |
150 | ; HASH: mpint g, generator for subgroup |
146 | ;---------------------------------------- |
151 | mov esi, dh_g |
147 | ; HASH: mpint g, generator for subgroup |
152 | mov edi, mpint_tmp |
148 | mov esi, con.dh_g |
153 | call mpint_to_big_endian |
149 | mov edi, mpint_tmp |
154 | lea edx, [eax+4] |
150 | call mpint_to_big_endian |
155 | mov esi, mpint_tmp |
151 | lea edx, [eax+4] |
156 | call sha256_update |
152 | invoke sha256_update, con.temp_ctx, mpint_tmp, edx |
Line 157... | Line 153... | ||
157 | 153 | ||
158 | ;--------------------------------------------------- |
154 | ;--------------------------------------------------- |
Line 159... | Line 155... | ||
159 | ; HASH: mpint e, exchange value sent by the client |
155 | ; HASH: mpint e, exchange value sent by the client |
160 | mov esi, tx_buffer+sizeof.ssh_header |
156 | mov esi, con.tx_buffer+sizeof.ssh_packet_header |
Line 161... | Line 157... | ||
161 | mov edx, [esi] |
157 | mov edx, [esi] |
162 | bswap edx |
158 | bswap edx |
Line 163... | Line 159... | ||
163 | add edx, 4 |
159 | add edx, 4 |
164 | call sha256_update |
160 | invoke sha256_update, con.temp_ctx, esi, edx |
Line 165... | Line 161... | ||
165 | 161 | ||
166 | ;--------------------------------------------------- |
162 | ;--------------------------------------------------- |
167 | ; HASH: mpint f, exchange value sent by the server |
163 | ; HASH: mpint f, exchange value sent by the server |
168 | mov esi, [esp] |
164 | mov esi, [esp] |
Line 169... | Line 165... | ||
169 | mov edx, [esi] |
165 | mov edx, [esi] |
170 | bswap edx |
166 | bswap edx |
Line 171... | Line 167... | ||
171 | add edx, 4 |
167 | add edx, 4 |
172 | call sha256_update |
168 | invoke sha256_update, con.temp_ctx, esi, edx |
173 | pop esi |
169 | pop esi |
174 | 170 | ||
175 | mov edi, dh_f |
171 | mov edi, con.dh_f |
Line 176... | Line 172... | ||
176 | call mpint_to_little_endian |
172 | call mpint_to_little_endian |
177 | 173 | ||
178 | DEBUGF 1, "DH f: " |
174 | DEBUGF 1, "DH f: " |
179 | stdcall mpint_print, dh_f |
175 | stdcall mpint_print, con.dh_f |
180 | - | ||
181 | mov edi, dh_signature |
176 | |
Line 182... | Line 177... | ||
182 | call mpint_to_little_endian |
177 | mov edi, con.dh_signature |
183 | 178 | call mpint_to_little_endian |
|
- | 179 | ||
- | 180 | DEBUGF 1, "DH signature: " |
|
184 | DEBUGF 1, "DH signature: " |
181 | stdcall mpint_print, con.dh_signature |
185 | stdcall mpint_print, dh_signature |
182 | |
- | 183 | ;-------------------------------------- |
|
Line 186... | Line 184... | ||
186 | 184 | ; Calculate shared secret K = f^x mod p |
|
187 | ;-------------------------------------- |
185 | stdcall mpint_modexp, con.rx_buffer, con.dh_f, con.dh_x, con.dh_p |
Line 188... | Line 186... | ||
188 | ; Calculate shared secret K = f^x mod p |
186 | stdcall mpint_length, con.rx_buffer |
189 | stdcall mpint_modexp, rx_buffer, dh_f, dh_x, dh_p |
187 | |
190 | stdcall mpint_length, rx_buffer |
188 | DEBUGF 1, "DH K: " |
191 | 189 | stdcall mpint_print, con.rx_buffer |
|
192 | DEBUGF 1, "DH K: " |
190 | |
Line 193... | Line 191... | ||
193 | stdcall mpint_print, rx_buffer |
191 | ; We always need it in big endian order, so store it as such. |
194 | 192 | mov edi, con.dh_K |
|
Line 195... | Line 193... | ||
195 | ; We always need it in big endian order, so store it as such. |
193 | mov esi, con.rx_buffer |
- | 194 | call mpint_to_big_endian |
|
- | 195 | mov [con.dh_K_length], eax |
|
- | 196 | ||
- | 197 | ;----------------------------------- |
|
- | 198 | ; HASH: mpint K, the shared secret |
|
- | 199 | mov edx, [con.dh_K_length] |
|
- | 200 | add edx, 4 |
|
Line 196... | Line 201... | ||
196 | mov edi, dh_K |
201 | invoke sha256_update, con.temp_ctx, con.dh_K, edx |
197 | mov esi, rx_buffer |
202 | |
Line 198... | Line 203... | ||
198 | call mpint_to_big_endian |
203 | ;------------------------------- |
199 | mov [dh_K.length], eax |
204 | ; Finalize the exchange hash (H) |
200 | - | ||
201 | ;----------------------------------- |
205 | invoke sha256_final, con.temp_ctx |
202 | ; HASH: mpint K, the shared secret |
- | |
203 | mov edx, [dh_K.length] |
206 | mov esi, con.temp_ctx.hash |
204 | add edx, 4 |
207 | mov edi, con.dh_H |
205 | mov esi, dh_K |
208 | mov ecx, SHA256_HASH_SIZE/4 |
206 | call sha256_update |
- | |
207 | - | ||
208 | ;------------------------------- |
209 | rep movsd |
209 | ; Finalize the exchange hash (H) |
210 | |
210 | mov edi, dh_H |
211 | DEBUGF 1, "Exchange hash H: " |
211 | call sha256_final |
- | |
212 | 212 | stdcall dump_hex, con.dh_H, 8 |
|
213 | DEBUGF 1, "Exchange hash H: " |
213 | |
Line 214... | Line 214... | ||
214 | stdcall dump_256bit_hex, dh_H |
214 | ; TODO: skip this block when re-keying |
215 | 215 | mov esi, con.dh_H |
|
Line 216... | Line 216... | ||
216 | ; TODO: skip this block when re-keying |
216 | mov edi, con.session_id |
217 | mov esi, dh_H |
217 | mov ecx, SHA256_HASH_SIZE/4 |
Line 218... | Line 218... | ||
218 | mov edi, session_id |
218 | rep movsd |
219 | mov ecx, 32/4 |
219 | |
220 | rep movsd |
- | |
221 | 220 | ;--------------- |
|
222 | ;--------------- |
- | |
223 | ; Calculate keys |
221 | ; Calculate keys |
224 | 222 | ||
225 | ; TODO: re-use partial hash of K and H |
223 | ; First, calculate partial hash of K and H so we can re-use it for every key. |
226 | - | ||
227 | ;--------------------------------------------------------------- |
- | |
228 | ; Initial IV client to server: HASH(K || H || "A" || session_id) |
224 | |
229 | 225 | invoke sha256_init, con.k_h_ctx |
|
230 | call sha256_init |
226 | |
231 | mov edx, [dh_K.length] |
- | |
232 | add edx, 4 |
227 | mov edx, [con.dh_K_length] |
233 | mov esi, dh_K |
228 | add edx, 4 |
Line 234... | Line 229... | ||
234 | call sha256_update |
229 | invoke sha256_update, con.k_h_ctx, con.dh_K, edx |
235 | mov edx, 32 |
230 | invoke sha256_update, con.k_h_ctx, con.dh_H, 32 |
Line 236... | Line 231... | ||
236 | mov esi, dh_H |
231 | |
237 | call sha256_update |
232 | ;--------------------------------------------------------------- |
Line 238... | Line 233... | ||
238 | mov edx, 1 |
233 | ; Initial IV client to server: HASH(K || H || "A" || session_id) |
239 | mov esi, str_A |
234 | |
240 | call sha256_update |
- | |
241 | mov edx, 32 |
235 | mov esi, con.k_h_ctx |
242 | mov esi, session_id |
- | |
243 | call sha256_update |
236 | mov edi, con.temp_ctx |
244 | mov edi, tx_iv |
237 | mov ecx, sizeof.ctx_sha224256/4 |
245 | call sha256_final |
238 | rep movsd |
246 | - | ||
247 | DEBUGF 1, "Remote IV: " |
- | |
248 | stdcall dump_256bit_hex, tx_iv |
239 | mov [con.session_id_prefix], 'A' |
249 | 240 | invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 |
|
250 | ;--------------------------------------------------------------- |
241 | invoke sha256_final, con.temp_ctx.hash |
251 | ; Initial IV server to client: HASH(K || H || "B" || session_id) |
- | |
252 | 242 | mov edi, con.tx_iv |
|
253 | call sha256_init |
243 | mov esi, con.temp_ctx |
Line 254... | Line 244... | ||
254 | mov edx, [dh_K.length] |
244 | mov ecx, SHA256_HASH_SIZE/4 |
255 | add edx, 4 |
245 | rep movsd |
Line 256... | Line 246... | ||
256 | mov esi, dh_K |
246 | |
257 | call sha256_update |
247 | DEBUGF 1, "Remote IV: " |
Line 258... | Line 248... | ||
258 | mov edx, 32 |
248 | stdcall dump_hex, con.tx_iv, 8 |
259 | mov esi, dh_H |
249 | |
260 | call sha256_update |
- | |
261 | mov edx, 1 |
250 | ;--------------------------------------------------------------- |
262 | mov esi, str_B |
- | |
263 | call sha256_update |
251 | ; Initial IV server to client: HASH(K || H || "B" || session_id) |
264 | mov edx, 32 |
252 | |
265 | mov esi, session_id |
253 | mov esi, con.k_h_ctx |
266 | call sha256_update |
- | |
267 | mov edi, rx_iv |
- | |
268 | call sha256_final |
254 | mov edi, con.temp_ctx |
269 | 255 | mov ecx, sizeof.ctx_sha224256/4 |
|
270 | DEBUGF 1, "Local IV: " |
256 | rep movsd |
271 | stdcall dump_256bit_hex, rx_iv |
- | |
272 | 257 | inc [con.session_id_prefix] |
|
273 | ;------------------------------------------------------------------- |
258 | invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 |
Line 274... | Line 259... | ||
274 | ; Encryption key client to server: HASH(K || H || "C" || session_id) |
259 | invoke sha256_final, con.temp_ctx |
275 | 260 | mov edi, con.rx_iv |
|
Line 276... | Line 261... | ||
276 | call sha256_init |
261 | mov esi, con.temp_ctx |
277 | mov edx, [dh_K.length] |
262 | mov ecx, SHA256_HASH_SIZE/4 |
Line 278... | Line 263... | ||
278 | add edx, 4 |
263 | rep movsd |
279 | mov esi, dh_K |
264 | |
280 | call sha256_update |
- | |
281 | mov edx, 32 |
265 | DEBUGF 1, "Local IV: " |
282 | mov esi, dh_H |
- | |
283 | call sha256_update |
266 | stdcall dump_hex, con.rx_iv, 8 |
284 | mov edx, 1 |
267 | |
285 | mov esi, str_C |
268 | ;------------------------------------------------------------------- |
286 | call sha256_update |
- | |
287 | mov edx, 32 |
- | |
288 | mov esi, session_id |
269 | ; Encryption key client to server: HASH(K || H || "C" || session_id) |
289 | call sha256_update |
270 | |
290 | mov edi, tx_enc_key |
271 | mov esi, con.k_h_ctx |
291 | call sha256_final |
- | |
292 | 272 | mov edi, con.temp_ctx |
|
293 | DEBUGF 1, "Remote key: " |
273 | mov ecx, sizeof.ctx_sha224256/4 |
Line 294... | Line 274... | ||
294 | stdcall dump_256bit_hex, tx_enc_key |
274 | rep movsd |
295 | 275 | inc [con.session_id_prefix] |
|
Line 296... | Line 276... | ||
296 | ;------------------------------------------------------------------- |
276 | invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 |
297 | ; Encryption key server to client: HASH(K || H || "D" || session_id) |
277 | invoke sha256_final, con.temp_ctx |
Line 298... | Line 278... | ||
298 | 278 | mov edi, con.tx_enc_key |
|
299 | call sha256_init |
279 | mov esi, con.temp_ctx |
300 | mov edx, [dh_K.length] |
- | |
301 | add edx, 4 |
280 | mov ecx, SHA256_HASH_SIZE/4 |
302 | mov esi, dh_K |
- | |
303 | call sha256_update |
281 | rep movsd |
304 | mov edx, 32 |
282 | |
305 | mov esi, dh_H |
283 | DEBUGF 1, "Remote key: " |
306 | call sha256_update |
- | |
307 | mov edx, 1 |
- | |
308 | mov esi, str_D |
284 | stdcall dump_hex, con.tx_enc_key, 8 |
309 | call sha256_update |
285 | |
310 | mov edx, 32 |
286 | ;------------------------------------------------------------------- |
311 | mov esi, session_id |
- | |
312 | call sha256_update |
287 | ; Encryption key server to client: HASH(K || H || "D" || session_id) |
313 | mov edi, rx_enc_key |
288 | |
Line 314... | Line 289... | ||
314 | call sha256_final |
289 | mov esi, con.k_h_ctx |
315 | 290 | mov edi, con.temp_ctx |
|
Line 316... | Line 291... | ||
316 | DEBUGF 1, "Local key: " |
291 | mov ecx, sizeof.ctx_sha224256/4 |
317 | stdcall dump_256bit_hex, rx_enc_key |
292 | rep movsd |
Line 318... | Line 293... | ||
318 | 293 | inc [con.session_id_prefix] |
|
319 | ;------------------------------------------------------------------ |
294 | invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 |
320 | ; Integrity key client to server: HASH(K || H || "E" || session_id) |
295 | invoke sha256_final, con.temp_ctx |
Line 321... | Line 296... | ||
321 | 296 | mov edi, con.rx_enc_key |
|
322 | call sha256_init |
297 | mov esi, con.temp_ctx |
Line 323... | Line 298... | ||
323 | mov edx, [dh_K.length] |
298 | mov ecx, SHA256_HASH_SIZE/4 |
Line 324... | Line 299... | ||
324 | add edx, 4 |
299 | rep movsd |
325 | mov esi, dh_K |
300 | |
Line 326... | Line 301... | ||
326 | call sha256_update |
301 | DEBUGF 1, "Local key: " |
Line 327... | Line 302... | ||
327 | mov edx, 32 |
302 | stdcall dump_hex, con.rx_enc_key, 8 |
328 | mov esi, dh_H |
303 | |
Line 329... | Line 304... | ||
329 | call sha256_update |
304 | ;------------------------------------------------------------------ |
330 | mov edx, 1 |
305 | ; Integrity key client to server: HASH(K || H || "E" || session_id) |
331 | mov esi, str_E |
306 | |
332 | call sha256_update |
307 | mov esi, con.k_h_ctx |
Line 333... | Line 308... | ||
333 | mov edx, 32 |
308 | mov edi, con.temp_ctx |
334 | mov esi, session_id |
309 | mov ecx, sizeof.ctx_sha224256/4 |
335 | call sha256_update |
310 | rep movsd |
336 | mov edi, tx_int_key |
311 | inc [con.session_id_prefix] |
Line 337... | Line 312... | ||
337 | call sha256_final |
312 | invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 |
338 | - | ||
339 | DEBUGF 1, "Remote Integrity key: " |
- | |
340 | stdcall dump_256bit_hex, tx_int_key |
- | |
341 | - | ||
342 | ;------------------------------------------------------------------ |
- | |
343 | ; Integrity key server to client: HASH(K || H || "F" || session_id) |
- | |
344 | - | ||
345 | call sha256_init |
- | |
346 | mov edx, [dh_K.length] |
- | |
347 | add edx, 4 |
- | |
348 | mov esi, dh_K |
- | |
349 | call sha256_update |
- | |
350 | mov edx, 32 |
- | |
351 | mov esi, dh_H |
- | |
352 | call sha256_update |
- | |
353 | mov edx, 1 |
- | |
354 | mov esi, str_F |
- | |
355 | call sha256_update |
- | |
356 | mov edx, 32 |
- | |
357 | mov esi, session_id |
- | |
358 | call sha256_update |
- | |
359 | mov edi, rx_int_key |
- | |
360 | call sha256_final |
- | |
361 | - | ||
362 | DEBUGF 1, "Local Integrity key: " |
- | |
363 | stdcall dump_256bit_hex, rx_int_key |
- | |
364 | - | ||
365 | ;------------------------------------- |
313 | invoke sha256_final, con.temp_ctx |