Rev 9106 | Rev 9216 | ||
---|---|---|---|
Line 42... | Line 42... | ||
42 | rx_int_key dd ? ; Rx integrity key |
42 | rx_int_key dd ? ; Rx integrity key |
43 | tx_int_key dd ? ; Tx integrity key |
43 | tx_int_key dd ? ; Tx integrity key |
Line 44... | Line 44... | ||
44 | 44 | ||
Line 45... | Line 45... | ||
45 | K_length dd ? |
45 | K_length dd ? |
Line 46... | Line 46... | ||
46 | 46 | ||
47 | session_id_x rb SHA256_HASH_SIZE+1 |
47 | session_id_x rb SHA2_256_LEN+1 |
48 | 48 | ||
Line 49... | Line 49... | ||
49 | str_K_S dd ? ; server public host key and certificates (K_S) |
49 | str_K_S dd ? ; server public host key and certificates (K_S) |
Line 50... | Line 50... | ||
50 | mpint_f_big dd ? ; pointer to original |
50 | mpint_f_big dd ? ; pointer to original |
Line 51... | Line 51... | ||
51 | str_s_of_H dd ? ; signature of H |
51 | str_s_of_H dd ? ; signature of H |
52 | 52 | ||
53 | endl |
53 | endl |
54 | 54 | ||
Line 55... | Line 55... | ||
55 | ; Allocate memory for temp variables |
55 | ; Allocate memory for temp variables |
Line 75... | Line 75... | ||
75 | add eax, (MAX_BITS/8+4) |
75 | add eax, (MAX_BITS/8+4) |
76 | mov [mpint_K_big], eax |
76 | mov [mpint_K_big], eax |
77 | add eax, (MAX_BITS/8+4) |
77 | add eax, (MAX_BITS/8+4) |
Line 78... | Line 78... | ||
78 | 78 | ||
79 | mov [k_h_ctx], eax |
79 | mov [k_h_ctx], eax |
80 | add eax, sizeof.crash_ctx |
80 | add eax, LIBCRASH_CTX_LEN |
81 | mov [temp_ctx], eax |
81 | mov [temp_ctx], eax |
Line 82... | Line 82... | ||
82 | add eax, sizeof.crash_ctx |
82 | add eax, LIBCRASH_CTX_LEN |
83 | 83 | ||
84 | mov [H], eax |
84 | mov [H], eax |
85 | add eax, SHA256_HASH_SIZE |
85 | add eax, SHA2_256_LEN |
86 | mov [rx_iv], eax |
86 | mov [rx_iv], eax |
87 | add eax, SHA256_HASH_SIZE |
87 | add eax, SHA2_256_LEN |
88 | mov [tx_iv], eax |
88 | mov [tx_iv], eax |
89 | add eax, SHA256_HASH_SIZE |
89 | add eax, SHA2_256_LEN |
90 | mov [rx_enc_key], eax |
90 | mov [rx_enc_key], eax |
91 | add eax, SHA256_HASH_SIZE |
91 | add eax, SHA2_256_LEN |
92 | mov [tx_enc_key], eax |
92 | mov [tx_enc_key], eax |
93 | add eax, SHA256_HASH_SIZE |
93 | add eax, SHA2_256_LEN |
94 | mov [rx_int_key], eax |
94 | mov [rx_int_key], eax |
95 | add eax, SHA256_HASH_SIZE |
95 | add eax, SHA2_256_LEN |
Line 96... | Line 96... | ||
96 | mov [tx_int_key], eax |
96 | mov [tx_int_key], eax |
Line 97... | Line 97... | ||
97 | ; add eax, SHA256_HASH_SIZE |
97 | ; add eax, SHA2_256_LEN |
98 | 98 | ||
99 | ; Copy the partial exchange hash to our temporary one |
99 | ; Copy the partial exchange hash to our temporary one |
100 | 100 | ||
101 | mov esi, [con_ptr] |
101 | mov esi, [con_ptr] |
Line 102... | Line 102... | ||
102 | lea esi, [esi+sshlib_connection.part_ex_hash_ctx] |
102 | lea esi, [esi+sshlib_connection.part_ex_hash_ctx] |
103 | mov edi, [temp_ctx] |
103 | mov edi, [temp_ctx] |
Line 199... | Line 199... | ||
199 | mov edx, [esi] |
199 | mov edx, [esi] |
200 | bswap edx |
200 | bswap edx |
201 | add edx, 4 |
201 | add edx, 4 |
202 | lea eax, [esi+edx] |
202 | lea eax, [esi+edx] |
203 | mov [mpint_f_big], eax |
203 | mov [mpint_f_big], eax |
204 | invoke sha256_update, [temp_ctx], esi, edx |
204 | invoke sha2_256_update, [temp_ctx], esi, edx |
Line 205... | Line 205... | ||
205 | 205 | ||
206 | ;-------------------------------------------------------------------------- |
206 | ;-------------------------------------------------------------------------- |
207 | ; HASH: uint32 min, minimal size in bits of an acceptable group |
207 | ; HASH: uint32 min, minimal size in bits of an acceptable group |
208 | ; uint32 n, preferred size in bits of the group the server will send |
208 | ; uint32 n, preferred size in bits of the group the server will send |
209 | ; uint32 max, maximal size in bits of an acceptable group |
209 | ; uint32 max, maximal size in bits of an acceptable group |
Line 210... | Line 210... | ||
210 | invoke sha256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12 |
210 | invoke sha2_256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12 |
211 | 211 | ||
212 | ;---------------------------- |
212 | ;---------------------------- |
213 | ; HASH: mpint p, safe prime |
213 | ; HASH: mpint p, safe prime |
214 | stdcall mpint_shrink, [mpint_p] |
214 | stdcall mpint_shrink, [mpint_p] |
215 | stdcall mpint_to_big_endian, [mpint_tmp], [mpint_p] |
215 | stdcall mpint_to_big_endian, [mpint_tmp], [mpint_p] |
Line 216... | Line 216... | ||
216 | add eax, 4 |
216 | add eax, 4 |
217 | invoke sha256_update, [temp_ctx], [mpint_tmp], eax |
217 | invoke sha2_256_update, [temp_ctx], [mpint_tmp], eax |
218 | 218 | ||
219 | ;---------------------------------------- |
219 | ;---------------------------------------- |
220 | ; HASH: mpint g, generator for subgroup |
220 | ; HASH: mpint g, generator for subgroup |
221 | stdcall mpint_shrink, [mpint_g] |
221 | stdcall mpint_shrink, [mpint_g] |
Line 222... | Line 222... | ||
222 | stdcall mpint_to_big_endian, [mpint_tmp], [mpint_g] |
222 | stdcall mpint_to_big_endian, [mpint_tmp], [mpint_g] |
223 | add eax, 4 |
223 | add eax, 4 |
224 | invoke sha256_update, [temp_ctx], [mpint_tmp], eax |
224 | invoke sha2_256_update, [temp_ctx], [mpint_tmp], eax |
225 | 225 | ||
226 | ;--------------------------------------------------- |
226 | ;--------------------------------------------------- |
227 | ; HASH: mpint e, exchange value sent by the client |
227 | ; HASH: mpint e, exchange value sent by the client |
228 | mov ebx, [con_ptr] |
228 | mov ebx, [con_ptr] |
229 | lea esi, [ebx + sshlib_connection.tx_buffer + sizeof.ssh_packet_header] |
229 | lea esi, [ebx + sshlib_connection.tx_buffer + sizeof.ssh_packet_header] |
Line 230... | Line 230... | ||
230 | mov edx, [esi] |
230 | mov edx, [esi] |
231 | bswap edx |
231 | bswap edx |
232 | add edx, 4 |
232 | add edx, 4 |
233 | invoke sha256_update, [temp_ctx], esi, edx |
233 | invoke sha2_256_update, [temp_ctx], esi, edx |
234 | 234 | ||
235 | ;--------------------------------------------------- |
235 | ;--------------------------------------------------- |
236 | ; HASH: mpint f, exchange value sent by the server |
236 | ; HASH: mpint f, exchange value sent by the server |
Line 237... | Line 237... | ||
237 | mov esi, [mpint_f_big] |
237 | mov esi, [mpint_f_big] |
238 | mov edx, [esi] |
238 | mov edx, [esi] |
239 | bswap edx |
239 | bswap edx |
240 | add edx, 4 |
240 | add edx, 4 |
Line 258... | Line 258... | ||
258 | mov [K_length], eax |
258 | mov [K_length], eax |
Line 259... | Line 259... | ||
259 | 259 | ||
260 | ;----------------------------------- |
260 | ;----------------------------------- |
261 | ; HASH: mpint K, the shared secret |
261 | ; HASH: mpint K, the shared secret |
262 | add eax, 4 |
262 | add eax, 4 |
Line 263... | Line 263... | ||
263 | invoke sha256_update, [temp_ctx], [mpint_K_big], eax |
263 | invoke sha2_256_update, [temp_ctx], [mpint_K_big], eax |
264 | 264 | ||
265 | ;------------------------------- |
265 | ;------------------------------- |
266 | ; Finalize the exchange hash (H) |
266 | ; Finalize the exchange hash (H) |
267 | invoke sha256_final, [temp_ctx] |
- | |
268 | mov esi, [temp_ctx] |
267 | invoke sha2_256_finish, [temp_ctx] |
269 | add esi, crash_ctx.hash |
268 | mov esi, [temp_ctx] |
270 | mov edi, [H] |
269 | mov edi, [H] |
Line 271... | Line 270... | ||
271 | mov ecx, SHA256_HASH_SIZE/4 |
270 | mov ecx, SHA2_256_LEN/4 |
272 | rep movsd |
271 | rep movsd |
Line 273... | Line 272... | ||
273 | 272 | ||
274 | DEBUGF 1, "Exchange hash H: " |
273 | DEBUGF 1, "Exchange hash H: " |
Line 275... | Line 274... | ||
275 | stdcall dump_hex, [H], SHA256_HASH_SIZE/4 |
274 | stdcall dump_hex, [H], SHA2_256_LEN/4 |
276 | 275 | ||
277 | ;-------------------------- |
276 | ;-------------------------- |
Line 278... | Line 277... | ||
278 | ; Set or get the session id |
277 | ; Set or get the session id |
279 | 278 | ||
280 | mov eax, [con_ptr] |
279 | mov eax, [con_ptr] |
281 | cmp [eax + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE |
280 | cmp [eax + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE |
Line 282... | Line 281... | ||
282 | jae @f |
281 | jae @f |
283 | 282 | ||
284 | ; If first KEX, verify host public key |
283 | ; If first KEX, verify host public key |
285 | stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA256_HASH_SIZE |
284 | stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA2_256_LEN |
286 | test eax, eax |
285 | test eax, eax |
287 | jnz .err |
286 | jnz .err |
Line 288... | Line 287... | ||
288 | 287 | ||
289 | mov eax, [con_ptr] |
288 | mov eax, [con_ptr] |
290 | mov esi, [H] |
289 | mov esi, [H] |
291 | lea edi, [eax + sshlib_connection.session_id] |
290 | lea edi, [eax + sshlib_connection.session_id] |
Line 292... | Line 291... | ||
292 | mov ecx, SHA256_HASH_SIZE/4 |
291 | mov ecx, SHA2_256_LEN/4 |
293 | rep movsd |
292 | rep movsd |
Line 294... | Line 293... | ||
294 | @@: |
293 | @@: |
Line 295... | Line 294... | ||
295 | 294 | ||
Line 296... | Line 295... | ||
296 | lea esi, [eax + sshlib_connection.session_id] |
295 | lea esi, [eax + sshlib_connection.session_id] |
297 | lea edi, [session_id_x+1] |
296 | lea edi, [session_id_x+1] |
298 | mov ecx, SHA256_HASH_SIZE/4 |
297 | mov ecx, SHA2_256_LEN/4 |
299 | rep movsd |
298 | rep movsd |
Line 300... | Line 299... | ||
300 | 299 | ||
301 | 300 | ||
Line 302... | Line 301... | ||
302 | ;--------------- |
301 | ;--------------- |
303 | ; Calculate keys |
302 | ; Calculate keys |
304 | 303 | ||
305 | ; First, calculate partial hash of K and H so we can re-use it for every key. |
304 | ; First, calculate partial hash of K and H so we can re-use it for every key. |
306 | 305 | ||
307 | invoke sha256_init, [k_h_ctx] |
306 | invoke sha2_256_init, [k_h_ctx] |
308 | 307 | ||
309 | mov ecx, [K_length] |
308 | mov ecx, [K_length] |
310 | add ecx, 4 |
309 | add ecx, 4 |
311 | invoke sha256_update, [k_h_ctx], [mpint_K_big], ecx |
310 | invoke sha2_256_update, [k_h_ctx], [mpint_K_big], ecx |
312 | invoke sha256_update, [k_h_ctx], [H], SHA256_HASH_SIZE |
311 | invoke sha2_256_update, [k_h_ctx], [H], SHA2_256_LEN |
313 | 312 | ||
Line 314... | Line 313... | ||
314 | ;--------------------------------------------------------------- |
313 | ;--------------------------------------------------------------- |
315 | ; Initial IV client to server: HASH(K || H || "A" || session_id) |
314 | ; Initial IV client to server: HASH(K || H || "A" || session_id) |
Line 316... | Line 315... | ||
316 | 315 | ||
317 | mov esi, [k_h_ctx] |
316 | mov esi, [k_h_ctx] |
Line 318... | Line 317... | ||
318 | mov edi, [temp_ctx] |
317 | mov edi, [temp_ctx] |
319 | mov ecx, sizeof.crash_ctx/4 |
318 | mov ecx, LIBCRASH_CTX_LEN/4 |
320 | rep movsd |
319 | rep movsd |
321 | lea edx, [session_id_x] |
320 | lea edx, [session_id_x] |
322 | mov byte[edx], 'A' |
321 | mov byte[edx], 'A' |
323 | invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1 |
322 | invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1 |
324 | invoke sha256_final, [temp_ctx] |
323 | invoke sha2_256_finish, [temp_ctx] |
325 | mov edi, [tx_iv] |
324 | mov edi, [tx_iv] |
326 | mov esi, [temp_ctx] |
325 | mov esi, [temp_ctx] |
327 | mov ecx, SHA256_HASH_SIZE/4 |
326 | mov ecx, SHA2_256_LEN/4 |
328 | rep movsd |
327 | rep movsd |
329 | 328 | ||
Line 330... | Line 329... | ||
330 | DEBUGF 1, "Remote IV: " |
329 | DEBUGF 1, "Remote IV: " |
331 | stdcall dump_hex, [tx_iv], SHA256_HASH_SIZE/4 |
330 | stdcall dump_hex, [tx_iv], SHA2_256_LEN/4 |
Line 332... | Line 331... | ||
332 | 331 | ||
333 | ;--------------------------------------------------------------- |
332 | ;--------------------------------------------------------------- |
Line 334... | Line 333... | ||
334 | ; Initial IV server to client: HASH(K || H || "B" || session_id) |
333 | ; Initial IV server to client: HASH(K || H || "B" || session_id) |
335 | 334 | ||
336 | mov esi, [k_h_ctx] |
335 | mov esi, [k_h_ctx] |
337 | mov edi, [temp_ctx] |
336 | mov edi, [temp_ctx] |
338 | mov ecx, sizeof.crash_ctx/4 |
337 | mov ecx, LIBCRASH_CTX_LEN/4 |
339 | rep movsd |
338 | rep movsd |
340 | lea edx, [session_id_x] |
339 | lea edx, [session_id_x] |
341 | mov byte[edx], 'B' |
340 | mov byte[edx], 'B' |
342 | invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1 |
341 | invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1 |
343 | invoke sha256_final, [temp_ctx] |
342 | invoke sha2_256_finish, [temp_ctx] |
344 | mov edi, [rx_iv] |
343 | mov edi, [rx_iv] |
345 | mov esi, [temp_ctx] |
344 | mov esi, [temp_ctx] |
Line 346... | Line 345... | ||
346 | mov ecx, SHA256_HASH_SIZE/4 |
345 | mov ecx, SHA2_256_LEN/4 |
347 | rep movsd |
346 | rep movsd |
Line 348... | Line 347... | ||
348 | 347 | ||
349 | DEBUGF 1, "Local IV: " |
348 | DEBUGF 1, "Local IV: " |
Line 350... | Line 349... | ||
350 | stdcall dump_hex, [rx_iv], SHA256_HASH_SIZE/4 |
349 | stdcall dump_hex, [rx_iv], SHA2_256_LEN/4 |
351 | 350 | ||
352 | ;------------------------------------------------------------------- |
351 | ;------------------------------------------------------------------- |
353 | ; Encryption key client to server: HASH(K || H || "C" || session_id) |
352 | ; Encryption key client to server: HASH(K || H || "C" || session_id) |
354 | 353 | ||
355 | mov esi, [k_h_ctx] |
354 | mov esi, [k_h_ctx] |
356 | mov edi, [temp_ctx] |
355 | mov edi, [temp_ctx] |
357 | mov ecx, sizeof.crash_ctx/4 |
356 | mov ecx, LIBCRASH_CTX_LEN/4 |
358 | rep movsd |
357 | rep movsd |
359 | lea edx, [session_id_x] |
358 | lea edx, [session_id_x] |
360 | mov byte[edx], 'C' |
359 | mov byte[edx], 'C' |
361 | invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1 |
360 | invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1 |
Line 362... | Line 361... | ||
362 | invoke sha256_final, [temp_ctx] |
361 | invoke sha2_256_finish, [temp_ctx] |
363 | mov edi, [tx_enc_key] |
362 | mov edi, [tx_enc_key] |
Line 364... | Line 363... | ||
364 | mov esi, [temp_ctx] |
363 | mov esi, [temp_ctx] |
365 | mov ecx, SHA256_HASH_SIZE/4 |
364 | mov ecx, SHA2_256_LEN/4 |
Line 366... | Line 365... | ||
366 | rep movsd |
365 | rep movsd |
367 | 366 | ||
368 | DEBUGF 1, "Remote key: " |
367 | DEBUGF 1, "Remote key: " |
369 | stdcall dump_hex, [tx_enc_key], SHA256_HASH_SIZE/4 |
368 | stdcall dump_hex, [tx_enc_key], SHA2_256_LEN/4 |
370 | 369 | ||
371 | ;------------------------------------------------------------------- |
370 | ;------------------------------------------------------------------- |
372 | ; Encryption key server to client: HASH(K || H || "D" || session_id) |
371 | ; Encryption key server to client: HASH(K || H || "D" || session_id) |
373 | 372 | ||
374 | mov esi, [k_h_ctx] |
373 | mov esi, [k_h_ctx] |
375 | mov edi, [temp_ctx] |
374 | mov edi, [temp_ctx] |
376 | mov ecx, sizeof.crash_ctx/4 |
375 | mov ecx, LIBCRASH_CTX_LEN/4 |
377 | rep movsd |
376 | rep movsd |
Line 378... | Line 377... | ||
378 | lea edx, [session_id_x] |
377 | lea edx, [session_id_x] |
379 | mov byte[edx], 'D' |
378 | mov byte[edx], 'D' |
Line 380... | Line 379... | ||
380 | invoke sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1 |
379 | invoke sha2_256_update, [temp_ctx], edx, SHA2_256_LEN+1 |
381 | invoke sha256_final, [temp_ctx] |
380 | invoke sha2_256_finish, [temp_ctx] |
Line 382... | Line 381... | ||
382 | mov edi, [rx_enc_key] |
381 | mov edi, [rx_enc_key] |
383 | mov esi, [temp_ctx] |
382 | mov esi, [temp_ctx] |
384 | mov ecx, SHA256_HASH_SIZE/4 |
383 | mov ecx, SHA2_256_LEN/4 |
385 | rep movsd |
384 | rep movsd |
386 | 385 | ||
387 | DEBUGF 1, "Local key: " |
386 | DEBUGF 1, "Local key: " |
388 | stdcall dump_hex, [rx_enc_key], SHA256_HASH_SIZE/4 |
387 | stdcall dump_hex, [rx_enc_key], SHA2_256_LEN/4 |
389 | 388 | ||
390 | ;------------------------------------------------------------------ |
389 | ;------------------------------------------------------------------ |
391 | ; Integrity key client to server: HASH(K || H || "E" || session_id) |
390 | ; Integrity key client to server: HASH(K || H || "E" || session_id) |
392 | 391 | ||
393 | mov esi, [k_h_ctx] |
392 | mov esi, [k_h_ctx] |
Line 394... | Line 393... | ||
394 | mov edi, [temp_ctx] |
393 | mov edi, [temp_ctx] |
395 | mov ecx, sizeof.crash_ctx/4 |
394 | mov ecx, LIBCRASH_CTX_LEN/4 |
Line 396... | Line 395... | ||
396 | rep movsd |
395 | rep movsd |
397 | lea edx, [session_id_x] |
396 | lea edx, [session_id_x] |
Line 398... | Line 397... | ||
398 | mov byte[edx], 'E' |
397 | mov byte[edx], 'E' |
Line 469... | Line 468... | ||
469 | 468 | ||
470 | mov [ebx + sshlib_connection.tx_pad_size], AES256_BLOCKSIZE |
469 | mov [ebx + sshlib_connection.tx_pad_size], AES256_BLOCKSIZE |
Line 471... | Line 470... | ||
471 | mov [ebx + sshlib_connection.tx_pad_proc], MBRandom |
470 | mov [ebx + sshlib_connection.tx_pad_proc], MBRandom |
472 | 471 | ||
473 | lea ecx, [ebx + sshlib_connection.rx_mac_ctx] |
472 | lea ecx, [ebx + sshlib_connection.rx_mac_ctx] |
474 | stdcall hmac_sha256_setkey, ecx, [rx_int_key], SHA256_HASH_SIZE |
473 | stdcall hmac_sha256_setkey, ecx, [rx_int_key], SHA2_256_LEN |
Line 475... | Line 474... | ||
475 | mov [ebx + sshlib_connection.rx_mac_proc], hmac_sha256 |
474 | mov [ebx + sshlib_connection.rx_mac_proc], hmac_sha256 |
476 | mov [ebx + sshlib_connection.rx_mac_length], SHA256_HASH_SIZE |
475 | mov [ebx + sshlib_connection.rx_mac_length], SHA2_256_LEN |
477 | 476 | ||
478 | lea ecx, [ebx + sshlib_connection.tx_mac_ctx] |
477 | lea ecx, [ebx + sshlib_connection.tx_mac_ctx] |
Line 479... | Line 478... | ||
479 | stdcall hmac_sha256_setkey, ecx, [tx_int_key], SHA256_HASH_SIZE |
478 | stdcall hmac_sha256_setkey, ecx, [tx_int_key], SHA2_256_LEN |
480 | mov [ebx + sshlib_connection.tx_mac_proc], hmac_sha256 |
479 | mov [ebx + sshlib_connection.tx_mac_proc], hmac_sha256 |
Line 481... | Line 480... | ||
481 | mov [ebx + sshlib_connection.tx_mac_length], SHA256_HASH_SIZE |
480 | mov [ebx + sshlib_connection.tx_mac_length], SHA2_256_LEN |
482 | 481 | ||
483 | mov [ebx + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE |
482 | mov [ebx + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE |
484 | xor eax, eax |
483 | xor eax, eax |
485 | 484 | ||
486 | .err: |
485 | .err: |
Line 487... | Line 486... | ||
487 | push eax |
486 | push eax |
488 | xor eax, eax |
487 | xor eax, eax |
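Review bot: The `stdcall dump_hex, [tx_enc_key], SHA2_256_LEN/4` and `stdcall dump_hex, [rx_enc_key], SHA2_256_LEN/4` calls (new lines 368 and 387) print the derived session encryption keys through the debug channel, and the same pattern at new lines 274, 330 and 349 prints H and both IVs; the constant rename keeps all five dumps in place. Anyone able to read that debug output could decrypt the session, assuming level-1 `DEBUGF` output is enabled in builds that reach users, which is not visible from these lines. I would put each `DEBUGF`/`dump_hex` pair for secret material behind a build-time switch that is off by default, e.g. `if defined SSHLIB_DUMP_SECRETS` … `end if` (the switch name is a placeholder), or drop the key and IV dumps and keep at most the exchange hash. The enclosing procedure starts and ends outside the lines shown here.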