WebSVN – Kolibri OS – Diff – /programs/network/ssh/dh_gex.inc

 proc dh_gex
 ;----------------------------------------------
 ; >> Send Diffie-Hellman Group Exchange Request
-        DEBUGF  1, "Sending GEX\n"
+        DEBUGF  2, "Sending GEX\n"
-        stdcall ssh_send_packet, [socketnum], ssh_gex_req, ssh_gex_req.length, 0
+        stdcall ssh_send_packet, con, ssh_gex_req, ssh_gex_req.length, 0
         cmp     eax, -1
         je      .socket_err
 ;---------------------------------------------
 ; << Parse Diffie-Hellman Group Exchange Group
-        stdcall ssh_recv_packet, [socketnum], rx_buffer, BUFFERSIZE, 0
+        stdcall ssh_recv_packet, con, 0
         cmp     eax, -1
         je      .socket_err
-        cmp     [rx_buffer+ssh_header.message_code], SSH_MSG_KEX_DH_GEX_GROUP
+        cmp     [con.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_GROUP
         jne     proto_err
-        DEBUGF  1, "Received GEX group\n"
+        DEBUGF  2, "Received GEX group\n"
-        mov     esi, rx_buffer+sizeof.ssh_header
+        mov     esi, con.rx_buffer+sizeof.ssh_packet_header
-        mov     edi, dh_p
+        mov     edi, con.dh_p
         DEBUGF  1, "DH modulus (p): "
         call    mpint_to_little_endian
-        stdcall mpint_print, dh_p
+        stdcall mpint_print, con.dh_p
         DEBUGF  1, "DH base (g): "
-        mov     edi, dh_g
+        mov     edi, con.dh_g
         call    mpint_to_little_endian
-        stdcall mpint_print, dh_g
+        stdcall mpint_print, con.dh_g
 ;-------------------------------------------
 ; >> Send Diffie-Hellman Group Exchange Init
 ; If the highest bit is set, add a zero byte
         shl     eax, 1
         jnc     @f
         mov     byte[edi], 0
-        inc     dword[dh_x]
+        inc     dword[con.dh_x]
   @@:
 ; Fill remaining bytes with zeros       ; TO BE REMOVED ?
 if ((MAX_BITS-DH_PRIVATE_KEY_SIZE) > 0)
         mov     ecx, (MAX_BITS-DH_PRIVATE_KEY_SIZE)/8/4
         xor     eax, eax
-        rep     stosd
+        rep stosd
 end if
         DEBUGF  1, "DH x: "
-        stdcall mpint_length, dh_x;;;;;;;;;;;;;
+        stdcall mpint_length, con.dh_x;;;;;;;;;;;;;
-        stdcall mpint_print, dh_x
+        stdcall mpint_print, con.dh_x
 ; Compute e = g^x mod p
-        stdcall mpint_modexp, dh_e, dh_g, dh_x, dh_p
+        stdcall mpint_modexp, con.dh_e, con.dh_g, con.dh_x, con.dh_p
-        stdcall mpint_length, dh_e
+        stdcall mpint_length, con.dh_e
         DEBUGF  1, "DH e: "
-        stdcall mpint_print, dh_e
+        stdcall mpint_print, con.dh_e
 ; Create group exchange init packet
-        mov     edi, tx_buffer+ssh_header.message_code
+        mov     edi, con.tx_buffer.message_code
         mov     al, SSH_MSG_KEX_DH_GEX_INIT
         stosb
-        mov     esi, dh_e
+        mov     esi, con.dh_e
         call    mpint_to_big_endian
-        DEBUGF  1, "Sending GEX init\n"
+        DEBUGF  2, "Sending GEX init\n"
-        mov     ecx, dword[tx_buffer+ssh_header.message_code+1]
+        mov     ecx, dword[con.tx_buffer.message_code+1]
         bswap   ecx
         add     ecx, 5
-        stdcall ssh_send_packet, [socketnum], tx_buffer+ssh_header.message_code, ecx, 0
+        stdcall ssh_send_packet, con, con.tx_buffer.message_code, ecx, 0
         cmp     eax, -1
         je      .socket_err
 ;---------------------------------------------
 ; << Parse Diffie-Hellman Group Exchange Reply
-        stdcall ssh_recv_packet, [socketnum], rx_buffer, BUFFERSIZE, 0
+        stdcall ssh_recv_packet, con, 0
         cmp     eax, -1
         je      .socket_err
-        cmp     [rx_buffer+ssh_header.message_code], SSH_MSG_KEX_DH_GEX_REPLY
+        cmp     [con.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_REPLY
         jne     .proto_err
-        DEBUGF  1, "Received GEX Reply\n"
+        DEBUGF  2, "Received GEX Reply\n"
 ;--------------------------------
-; HASH: string  K_S, the host key
+; HASH: string K_S, the host key
-        mov     esi, rx_buffer+sizeof.ssh_header
-        mov     edx, [esi]
-        bswap   edx
+        mov     esi, con.rx_buffer+sizeof.ssh_packet_header
-        add     edx, 4
+        mov     edx, [esi]
-        lea     ebx, [esi+edx]
+        bswap   edx
-        push    ebx
+        add     edx, 4
-        call    sha256_update
+        lea     ebx, [esi+edx]
         push    ebx
-;--------------------------------------------------------------------------
+        invoke  sha256_update, con.temp_ctx, esi, edx
-; HASH: uint32  min, minimal size in bits of an acceptable group
 ;       uint32  n, preferred size in bits of the group the server will send
-;       uint32  max, maximal size in bits of an acceptable group
+;--------------------------------------------------------------------------
-        mov     esi, ssh_gex_req+sizeof.ssh_header-ssh_header.message_code
+; HASH: uint32 min, minimal size in bits of an acceptable group
-        mov     edx, 12
+;       uint32 n, preferred size in bits of the group the server will send
-        call    sha256_update
+;       uint32 max, maximal size in bits of an acceptable group
         invoke  sha256_update, con.temp_ctx, ssh_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
-;----------------------------
-; HASH: mpint   p, safe prime
-        mov     esi, dh_p
+;----------------------------
-        mov     edi, mpint_tmp
+; HASH: mpint p, safe prime
-        call    mpint_to_big_endian
+        mov     esi, con.dh_p
-        lea     edx, [eax+4]
+        mov     edi, mpint_tmp
-        mov     esi, mpint_tmp
+        call    mpint_to_big_endian
-        call    sha256_update
+        lea     edx, [eax+4]
+        invoke  sha256_update, con.temp_ctx, mpint_tmp, edx
 ;----------------------------------------
-; HASH: mpint   g, generator for subgroup
+;----------------------------------------
-        mov     esi, dh_g
+; HASH: mpint g, generator for subgroup
-        mov     edi, mpint_tmp
+        mov     esi, con.dh_g
-        call    mpint_to_big_endian
+        mov     edi, mpint_tmp
-        lea     edx, [eax+4]
+        call    mpint_to_big_endian
-        mov     esi, mpint_tmp
+        lea     edx, [eax+4]
-        call    sha256_update
+        invoke  sha256_update, con.temp_ctx, mpint_tmp, edx
 ;---------------------------------------------------
-; HASH: mpint   e, exchange value sent by the client
+; HASH: mpint e, exchange value sent by the client
-        mov     esi, tx_buffer+sizeof.ssh_header
+        mov     esi, con.tx_buffer+sizeof.ssh_packet_header
         mov     edx, [esi]
         bswap   edx
         add     edx, 4
-        call    sha256_update
+        invoke  sha256_update, con.temp_ctx, esi, edx
 ;---------------------------------------------------
-; HASH: mpint   f, exchange value sent by the server
+; HASH: mpint f, exchange value sent by the server
         mov     esi, [esp]
         mov     edx, [esi]
         bswap   edx
         add     edx, 4
-        call    sha256_update
+        invoke  sha256_update, con.temp_ctx, esi, edx
         pop     esi
-        mov     edi, dh_f
+        mov     edi, con.dh_f
         call    mpint_to_little_endian
         DEBUGF  1, "DH f: "
-        stdcall mpint_print, dh_f
+        stdcall mpint_print, con.dh_f
-        mov     edi, dh_signature
-        call    mpint_to_little_endian
+        mov     edi, con.dh_signature
         call    mpint_to_little_endian
+        DEBUGF  1, "DH signature: "
-        DEBUGF  1, "DH signature: "
+        stdcall mpint_print, con.dh_signature
-        stdcall mpint_print, dh_signature
+;--------------------------------------
 ; Calculate shared secret K = f^x mod p
-;--------------------------------------
+        stdcall mpint_modexp, con.rx_buffer, con.dh_f, con.dh_x, con.dh_p
-; Calculate shared secret K = f^x mod p
+        stdcall mpint_length, con.rx_buffer
-        stdcall mpint_modexp, rx_buffer, dh_f, dh_x, dh_p
-        stdcall mpint_length, rx_buffer
+        DEBUGF  1, "DH K: "
+        stdcall mpint_print, con.rx_buffer
         DEBUGF  1, "DH K: "
-        stdcall mpint_print, rx_buffer
+; We always need it in big endian order, so store it as such.
         mov     edi, con.dh_K
-; We always need it in big endian order, so store it as such.
+        mov     esi, con.rx_buffer
+        call    mpint_to_big_endian
+        mov     [con.dh_K_length], eax
+;-----------------------------------
+; HASH: mpint K, the shared secret
+        mov     edx, [con.dh_K_length]
+        add     edx, 4
-        mov     edi, dh_K
+        invoke  sha256_update, con.temp_ctx, con.dh_K, edx
         mov     esi, rx_buffer
-        call    mpint_to_big_endian
+;-------------------------------
-        mov     [dh_K.length], eax
+; Finalize the exchange hash (H)
-;-----------------------------------
+        invoke  sha256_final, con.temp_ctx
-; HASH: mpint   K, the shared secret
-        mov     edx, [dh_K.length]
+        mov     esi, con.temp_ctx.hash
-        add     edx, 4
+        mov     edi, con.dh_H
-        mov     esi, dh_K
+        mov     ecx, SHA256_HASH_SIZE/4
-        call    sha256_update
-;-------------------------------
+        rep movsd
-; Finalize the exchange hash (H)
-        mov     edi, dh_H
+        DEBUGF  1, "Exchange hash H: "
-        call    sha256_final
+        stdcall dump_hex, con.dh_H, 8
-        DEBUGF  1, "Exchange hash H: "
-        stdcall dump_256bit_hex, dh_H
+; TODO: skip this block when re-keying
+        mov     esi, con.dh_H
-; TODO: skip this block when re-keying
+        mov     edi, con.session_id
-        mov     esi, dh_H
+        mov     ecx, SHA256_HASH_SIZE/4
-        mov     edi, session_id
+        rep movsd
-        mov     ecx, 32/4
-        rep movsd
+;---------------
-;---------------
 ; Calculate keys
-; TODO: re-use partial hash of K and H
+; First, calculate partial hash of K and H so we can re-use it for every key.
-;---------------------------------------------------------------
-; Initial IV client to server: HASH(K || H || "A" || session_id)
+        invoke  sha256_init, con.k_h_ctx
-        call    sha256_init
-        mov     edx, [dh_K.length]
-        add     edx, 4
+        mov     edx, [con.dh_K_length]
-        mov     esi, dh_K
+        add     edx, 4
-        call    sha256_update
+        invoke  sha256_update, con.k_h_ctx, con.dh_K, edx
-        mov     edx, 32
+        invoke  sha256_update, con.k_h_ctx, con.dh_H, 32
         mov     esi, dh_H
-        call    sha256_update
+;---------------------------------------------------------------
-        mov     edx, 1
+; Initial IV client to server: HASH(K || H || "A" || session_id)
-        mov     esi, str_A
-        call    sha256_update
-        mov     edx, 32
+        mov     esi, con.k_h_ctx
-        mov     esi, session_id
-        call    sha256_update
+        mov     edi, con.temp_ctx
-        mov     edi, tx_iv
+        mov     ecx, sizeof.ctx_sha224256/4
-        call    sha256_final
+        rep movsd
-        DEBUGF  1, "Remote IV: "
-        stdcall dump_256bit_hex, tx_iv
+        mov     [con.session_id_prefix], 'A'
+        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
-;---------------------------------------------------------------
+        invoke  sha256_final, con.temp_ctx.hash
-; Initial IV server to client: HASH(K || H || "B" || session_id)
+        mov     edi, con.tx_iv
-        call    sha256_init
+        mov     esi, con.temp_ctx
-        mov     edx, [dh_K.length]
+        mov     ecx, SHA256_HASH_SIZE/4
-        add     edx, 4
+        rep movsd
         mov     esi, dh_K
-        call    sha256_update
+        DEBUGF  1, "Remote IV: "
-        mov     edx, 32
+        stdcall dump_hex, con.tx_iv, 8
-        mov     esi, dh_H
-        call    sha256_update
-        mov     edx, 1
+;---------------------------------------------------------------
-        mov     esi, str_B
-        call    sha256_update
+; Initial IV server to client: HASH(K || H || "B" || session_id)
-        mov     edx, 32
-        mov     esi, session_id
+        mov     esi, con.k_h_ctx
-        call    sha256_update
-        mov     edi, rx_iv
-        call    sha256_final
+        mov     edi, con.temp_ctx
+        mov     ecx, sizeof.ctx_sha224256/4
-        DEBUGF  1, "Local IV: "
+        rep     movsd
-        stdcall dump_256bit_hex, rx_iv
+        inc     [con.session_id_prefix]
-;-------------------------------------------------------------------
+        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
-; Encryption key client to server: HASH(K || H || "C" || session_id)
+        invoke  sha256_final, con.temp_ctx
+        mov     edi, con.rx_iv
-        call    sha256_init
+        mov     esi, con.temp_ctx
-        mov     edx, [dh_K.length]
+        mov     ecx, SHA256_HASH_SIZE/4
-        add     edx, 4
+        rep movsd
-        mov     esi, dh_K
-        call    sha256_update
-        mov     edx, 32
+        DEBUGF  1, "Local IV: "
-        mov     esi, dh_H
-        call    sha256_update
+        stdcall dump_hex, con.rx_iv, 8
-        mov     edx, 1
-        mov     esi, str_C
+;-------------------------------------------------------------------
-        call    sha256_update
-        mov     edx, 32
-        mov     esi, session_id
+; Encryption key client to server: HASH(K || H || "C" || session_id)
-        call    sha256_update
-        mov     edi, tx_enc_key
+        mov     esi, con.k_h_ctx
-        call    sha256_final
+        mov     edi, con.temp_ctx
-        DEBUGF  1, "Remote key: "
+        mov     ecx, sizeof.ctx_sha224256/4
-        stdcall dump_256bit_hex, tx_enc_key
+        rep     movsd
+        inc     [con.session_id_prefix]
-;-------------------------------------------------------------------
+        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
-; Encryption key server to client: HASH(K || H || "D" || session_id)
+        invoke  sha256_final, con.temp_ctx
+        mov     edi, con.tx_enc_key
-        call    sha256_init
+        mov     esi, con.temp_ctx
-        mov     edx, [dh_K.length]
-        add     edx, 4
+        mov     ecx, SHA256_HASH_SIZE/4
-        mov     esi, dh_K
-        call    sha256_update
+        rep movsd
-        mov     edx, 32
-        mov     esi, dh_H
+        DEBUGF  1, "Remote key: "
-        call    sha256_update
-        mov     edx, 1
-        mov     esi, str_D
+        stdcall dump_hex, con.tx_enc_key, 8
-        call    sha256_update
-        mov     edx, 32
+;-------------------------------------------------------------------
-        mov     esi, session_id
-        call    sha256_update
+; Encryption key server to client: HASH(K || H || "D" || session_id)
-        mov     edi, rx_enc_key
-        call    sha256_final
+        mov     esi, con.k_h_ctx
+        mov     edi, con.temp_ctx
-        DEBUGF  1, "Local key: "
+        mov     ecx, sizeof.ctx_sha224256/4
-        stdcall dump_256bit_hex, rx_enc_key
+        rep     movsd
+        inc     [con.session_id_prefix]
-;------------------------------------------------------------------
+        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
-; Integrity key client to server: HASH(K || H || "E" || session_id)
+        invoke  sha256_final, con.temp_ctx
+        mov     edi, con.rx_enc_key
-        call    sha256_init
+        mov     esi, con.temp_ctx
-        mov     edx, [dh_K.length]
+        mov     ecx, SHA256_HASH_SIZE/4
-        add     edx, 4
+        rep movsd
         mov     esi, dh_K
-        call    sha256_update
+        DEBUGF  1, "Local key: "
-        mov     edx, 32
+        stdcall dump_hex, con.rx_enc_key, 8
         mov     esi, dh_H
-        call    sha256_update
+;------------------------------------------------------------------
-        mov     edx, 1
+; Integrity key client to server: HASH(K || H || "E" || session_id)
         mov     esi, str_E
-        call    sha256_update
+        mov     esi, con.k_h_ctx
-        mov     edx, 32
+        mov     edi, con.temp_ctx
-        mov     esi, session_id
+        mov     ecx, sizeof.ctx_sha224256/4
-        call    sha256_update
+        rep     movsd
-        mov     edi, tx_int_key
+        inc     [con.session_id_prefix]
-        call    sha256_final
+        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
-        DEBUGF  1, "Remote Integrity key: "
-        stdcall dump_256bit_hex, tx_int_key
-;------------------------------------------------------------------
-; Integrity key server to client: HASH(K || H || "F" || session_id)
-        call    sha256_init
-        mov     edx, [dh_K.length]
-        add     edx, 4
-        mov     esi, dh_K
-        call    sha256_update
-        mov     edx, 32
-        mov     esi, dh_H
-        call    sha256_update
-        mov     edx, 1
-        mov     esi, str_F
-        call    sha256_update
-        mov     edx, 32
-        mov     esi, session_id
-        call    sha256_update
-        mov     edi, rx_int_key
-        call    sha256_final
-        DEBUGF  1, "Local Integrity key: "
-        stdcall dump_256bit_hex, rx_int_key
-;-------------------------------------
+        invoke  sha256_final, con.temp_ctx

Subversion Repositories Kolibri OS

(root)/programs/network/ssh/dh_gex.inc – Rev 6419 → 6469