Subversion Repositories Kolibri OS

Rev

Rev 9112 | Rev 9114 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 9112 Rev 9113
Line 15... Line 15...
15 
;    You should have received a copy of the GNU General Public License
 15 
;    You should have received a copy of the GNU General Public License
16 
;    along with this program.  If not, see .
 16 
;    along with this program.  If not, see .
Line 17... Line 17...
17 
 
 17 
 
18 
; https://datatracker.ietf.org/doc/html/rfc4253#section-6.6
 18 
; https://datatracker.ietf.org/doc/html/rfc4253#section-6.6
19 
; https://datatracker.ietf.org/doc/html/rfc3447
 - 
 
20 
 
 19 
; https://datatracker.ietf.org/doc/html/rfc3447
- 
 
 20 
; https://datatracker.ietf.org/doc/html/rfc4716
Line 21... Line 21...
21 
; https://datatracker.ietf.org/doc/html/rfc4716
 21 
; https://datatracker.ietf.org/doc/html/rfc8017
Line 22... Line 22...
22 
 
 22 
 
23 
proc sshlib_host_verify  con_ptr, str_host_key, str_signature, message, message_len
 23 
proc sshlib_host_verify  con_ptr, str_host_key, str_signature, message, message_len
Line 177... Line 177...
177 
 
 177 
 
178 
; Signature
 178 
; Signature
179 
        mov     esi, [str_signature]
 179 
        mov     esi, [str_signature]
180 
        mov     ecx, [esi]
 180 
        mov     ecx, [esi]
- 
 
 181 
        bswap   ecx             ; TODO: check length
181 
        bswap   ecx             ; TODO: check length
 182 
 
182 
; Host key type (string)
 183 
; Host key type (string)
183 
        cmp     dword[esi+4], 0x07000000
 184 
        cmp     dword[esi+4], 0x07000000
184 
        jne     .err_signature
 185 
        jne     .not_ssh_rsa
185 
        cmp     dword[esi+8], 'ssh-'
 186 
        cmp     dword[esi+8], 'ssh-'
186 
        jne     .err_signature
 187 
        jne     .not_ssh_rsa
187 
        cmp     dword[esi+11], '-rsa'
 - 
 
188 
        jne     .err_signature
 188 
        cmp     dword[esi+11], '-rsa'
189 
        add     esi, 4+4+7
 - 
 
190 
; RSA signature blob
 - 
 
191 
        stdcall mpint_to_little_endian, [mpint_s], esi
 - 
 
192 
;        cmp     eax, [k]
 - 
 
Line 193... Line 189...
193 
 ;;;       jne     .err_signature
 189 
        je      .sha1
194 
 
 190 
 
- 
 
 191 
  .not_ssh_rsa:
- 
 
 192 
        cmp     dword[esi+4], 0x0c000000
- 
 
 193 
        jne     .not_sha2
- 
 
 194 
        cmp     dword[esi+8], 'rsa-'
- 
 
 195 
        jne     .not_sha2
- 
 
 196 
        cmp     dword[esi+12], 'sha2'
- 
 
 197 
        jne     .not_sha2
- 
 
 198 
        cmp     dword[esi+16], '-256'
- 
 
 199 
        je      .sha2_256
- 
 
 200 
;        cmp     dword[esi+16], '-512'
195 
; RSAVP1
 201 
;        je      .sha2_512
196 
        stdcall mpint_modexp, [mpint_m], [mpint_s], [mpint_e], [mpint_n]
 202 
 
- 
 
 203 
  .not_sha2:
- 
 
 204 
        jmp     .err_signature
197 
; I2OSP
 205 
 
198 
        stdcall mpint_shrink, [mpint_m]
 206 
  .sha1:
- 
 
 207 
        DEBUGF  3, "SSH: Using RSA with SHA1 hash\n"
Line 199... Line 208...
199 
        stdcall mpint_grow, [mpint_m], 256
 208 
        add     esi, 4+4+7
200 
        stdcall mpint_to_big_endian, [EM], [mpint_m]
 209 
        push    esi
201 
 
 210 
 
202 
; EMSA-PKCS1-v1_5
 211 
; EMSA-PKCS1-v1_5
Line 207... Line 216...
207 
        mov     edi, [EM_accent]
 216 
        mov     edi, [EM_accent]
208 
        mov     al, 0x00
 217 
        mov     al, 0x00
209 
        stosb
 218 
        stosb
210 
        mov     al, 0x01
 219 
        mov     al, 0x01
211 
        stosb
 220 
        stosb
212 
        mov     ecx, 256 - (rsa_sha1_t.len + 3 + SHA1_HASH_SIZE)
 221 
        mov     ecx, 256 - (rsa_sha1_T.len + 3 + SHA1_HASH_SIZE)
213 
        mov     al, 0xff
 222 
        mov     al, 0xff
214 
        rep stosb
 223 
        rep stosb
215 
        mov     al, 0x00
 224 
        mov     al, 0x00
216 
        stosb
 225 
        stosb
217 
        mov     esi, rsa_sha1_t
 226 
        mov     esi, rsa_sha1_T
218 
        mov     ecx, rsa_sha1_t.len
 227 
        mov     ecx, rsa_sha1_T.len
219 
        rep movsb
 228 
        rep movsb
220 
        mov     esi, [h_ctx]
 229 
        mov     esi, [h_ctx]
221 
        mov     ecx, SHA1_HASH_SIZE
 230 
        mov     ecx, SHA1_HASH_SIZE
222 
        rep movsb
 231 
        rep movsb
Line -... Line 232...
- 
 
 232 
 
- 
 
 233 
        pop     esi
- 
 
 234 
        jmp     .rsa
- 
 
 235 
 
- 
 
 236 
  .sha2_256:
- 
 
 237 
        DEBUGF  3, "SSH: Using RSA with SHA2-256 hash\n"
- 
 
 238 
        add     esi, 4+4+12
- 
 
 239 
        push    esi
- 
 
 240 
 
- 
 
 241 
; EMSA-PKCS1-v1_5
- 
 
 242 
        invoke  sha256_init, [h_ctx]
- 
 
 243 
        invoke  sha256_update, [h_ctx], [M], [message_len]
- 
 
 244 
        invoke  sha256_final, [h_ctx]
- 
 
 245 
 
- 
 
 246 
        mov     edi, [EM_accent]
- 
 
 247 
        mov     al, 0x00
- 
 
 248 
        stosb
- 
 
 249 
        mov     al, 0x01
- 
 
 250 
        stosb
- 
 
 251 
        mov     ecx, 256 - (rsa_sha256_T.len + 3 + SHA256_HASH_SIZE)
- 
 
 252 
        mov     al, 0xff
- 
 
 253 
        rep stosb
- 
 
 254 
        mov     al, 0x00
- 
 
 255 
        stosb
- 
 
 256 
        mov     esi, rsa_sha256_T
- 
 
 257 
        mov     ecx, rsa_sha256_T.len
- 
 
 258 
        rep movsb
- 
 
 259 
        mov     esi, [h_ctx]
- 
 
 260 
        mov     ecx, SHA256_HASH_SIZE
- 
 
 261 
        rep movsb
- 
 
 262 
 
- 
 
 263 
        pop     esi
- 
 
 264 
        jmp     .rsa
- 
 
 265 
 
- 
 
 266 
  .rsa:
- 
 
 267 
; RSA signature blob
- 
 
 268 
        stdcall mpint_to_little_endian, [mpint_s], esi
- 
 
 269 
;        cmp     eax, [k]
- 
 
 270 
 ;;;       jne     .err_signature
- 
 
 271 
 
- 
 
 272 
; RSAVP1
- 
 
 273 
        stdcall mpint_modexp, [mpint_m], [mpint_s], [mpint_e], [mpint_n]
- 
 
 274 
; I2OSP
- 
 
 275 
        stdcall mpint_shrink, [mpint_m]
- 
 
 276 
        stdcall mpint_grow, [mpint_m], 256
- 
 
 277 
        stdcall mpint_to_big_endian, [EM], [mpint_m]
223 
 
 278 
 
224 
; Compare EM with EM_accent
 279 
; Compare EM with EM_accent
225 
        mov     esi, [EM]
 280 
        mov     esi, [EM]
226 
        add     esi, 4
 281 
        add     esi, 4
227 
        mov     edi, [EM_accent]
 282 
        mov     edi, [EM_accent]
Line 320... Line 375...
320 
 
 375 
 
Line 321... Line 376...
321 
iglobal
 376 
iglobal
322 
 
 377 
 
323 
        known_hostsfile db '/sys/settings/known_hosts.ini', 0
 378 
        known_hostsfile db '/sys/settings/known_hosts.ini', 0
324 
        base64_table    db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
 379 
        base64_table    db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
- 
 
 380 
        rsa_sha1_T      db 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14
- 
 
 381 
        .len = $ - rsa_sha1_T
325 
        rsa_sha1_t      db 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14
 382 
        rsa_sha256_T    db 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
Line 326... Line 383...
326 
        .len = $ - rsa_sha1_t
 383 
        .len = $ - rsa_sha256_T