Subversion Repositories Kolibri OS

;    ssh.asm - SSH client for KolibriOS

;

;    Copyright (C) 2015-2021 Jeffrey Amelynck

;

;    This program is free software: you can redistribute it and/or modify

;    it under the terms of the GNU General Public License as published by

;    the Free Software Foundation, either version 3 of the License, or

;    (at your option) any later version.

;

;    This program is distributed in the hope that it will be useful,

;    but WITHOUT ANY WARRANTY; without even the implied warranty of

;    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

;    GNU General Public License for more details.

;

;    You should have received a copy of the GNU General Public License

;    along with this program.  If not, see .

format binary as ""

__DEBUG__               = 1

__DEBUG_LEVEL__         = 2             ; 1: Everything, including sensitive information, 2: Debugging, 3: Errors only

BUFFERSIZE              = 64*1024       ; Must be at least 32K according rfc4253#section-6.1

PACKETSIZE              = 32*1024       ; Must be at least 32K according rfc4253#section-6.1

MAX_BITS                = 8192

DH_PRIVATE_KEY_SIZE     = 256

MAX_INPUT_LENGTH        = 255 ;;; WHAT WAS THIS AGAIN ?!

MAX_USERNAME_LENGTH     = 256

MAX_PASSWORD_LENGTH     = 256

MAX_HOSTNAME_LENGTH     = 4096

MAX_PUBLIC_KEY_SIZE     = 4096

use32

        db      'MENUET01'      ; signature

        dd      1               ; header version

        dd      start           ; entry point

        dd      i_end           ; initialized size

        dd      mem+65536       ; required memory

        dd      mem+65536       ; stack pointer

        dd      params          ; parameters

        dd      0               ; path

include '../../macros.inc'

;include '../../struct.inc'

purge mov,add,sub

include '../../proc32.inc'

include '../../dll.inc'

include '../../debug-fdo.inc'

include '../../network.inc'

include '../../develop/libraries/libcrash/trunk/libcrash.inc'

; macros for network byte order

macro dd_n op {

   dd 0 or (((op) and 0FF000000h) shr 24) or \

           (((op) and 000FF0000h) shr  8) or \

           (((op) and 00000FF00h) shl  8) or \

           (((op) and 0000000FFh) shl 24)

}

macro dw_n op {

   dw 0 or (((op) and 0FF00h) shr 8) or \

           (((op) and 000FFh) shl 8)

}

macro str string {

    local .start, .stop

    dd_n (.stop-.start)

    .start db string

    .stop:

}

proc dump_hex _ptr, _length

if __DEBUG_LEVEL__ <= 1

        pushad

        mov     esi, [_ptr]

        mov     ecx, [_length]

  .next_dword:

        lodsd

        bswap   eax

        DEBUGF  1,'%x', eax

        loop    .next_dword

        DEBUGF  1,'\n'

        popad

end if

        ret

endp

macro DEBUGM l, s, m {

if __DEBUG__

        DEBUGF  l, s

  if l >=__DEBUG_LEVEL__

        stdcall mpint_print, m

  end if

end if

}

include 'mpint.inc'

include 'seed.inc'

include 'random.inc'

include 'aes256.inc'

include 'aes256-ctr.inc'

include 'aes256-cbc.inc'

include 'blowfish.inc'

include 'blowfish-ctr.inc'

include 'blowfish-cbc.inc'

include 'hmac_sha256.inc'

include 'hmac_sha1.inc'

include 'hmac_md5.inc'

include 'sshlib.inc'

include 'sshlib_mcodes.inc'

include 'sshlib_transport.inc'

include 'sshlib_connection.inc'

include 'sshlib_dh_gex.inc'

include 'sshlib_host.inc'

include 'sshlib_channel.inc'

include 'sshlib_userauth.inc'

include 'encodings.inc'         ; Unfortunately, we dont have UTF-8 capable console yet :(

start:

        mcall   68, 11          ; Init heap

        DEBUGF  2, "SSH: Loading libraries\n"

        stdcall dll.Load, @IMPORT

        test    eax, eax

        jnz     main.fail

        DEBUGF  2, "SSH: Init PRNG\n"

        call    create_seed

        call    init_random

        DEBUGF  2, "SSH: Init Console\n"

        invoke  con_start, 1

        invoke  con_init, 80, 25, 800, 250, title

        cmp     byte[params], 0

        jne     main.connect

main:

        invoke  con_cls

; Welcome user

        invoke  con_write_asciiz, str1a

  .prompt:

        invoke  con_write_asciiz, str1b

; Reset window title

        invoke  con_set_title, title

; Write prompt

        invoke  con_write_asciiz, str2

; read string

        mov     esi, params

        invoke  con_gets, esi, MAX_HOSTNAME_LENGTH

; check for exit

        test    eax, eax

        jz      .done

        cmp     byte[esi], 10

        jz      .done

  .connect:

        stdcall sshlib_connect, ssh_con, params

        cmp     eax, 0

        jg      .prompt

        jl      .error

  .login:

        mcall   68, 12, (MAX_USERNAME_LENGTH + MAX_PASSWORD_LENGTH)

        test    eax, eax

        jz      .done   ; ERR_NOMEM

        mov     esi, eax

        lea     edi, [eax + MAX_USERNAME_LENGTH]

; Get username

        invoke  con_write_asciiz, str12

        invoke  con_gets, esi, MAX_USERNAME_LENGTH

        test    eax, eax

;;        jz      .con_closed_must_clear

; Get password

        invoke  con_write_asciiz, str13a

        invoke  con_gets, edi, MAX_PASSWORD_LENGTH

        test    eax, eax

;;        jz      .con_closed_must_clear

        invoke  con_write_asciiz, str13b

; Authenticate

        stdcall sshlib_userauth_password, ssh_con, esi, edi

; Clear and free username and password

  .clear:

        push    eax

        mov     edx, edi

        xor     eax, eax

        mov     ecx, (MAX_USERNAME_LENGTH + MAX_PASSWORD_LENGTH)/4

        rep     stosd

        mcall   68, 13, edx

        pop     eax

        cmp     eax, 0

        jg      .login          ; Authentication failed

        jl      .error          ; An error occured

; Open a channel

        stdcall sshlib_chan_open, ssh_con

        cmp     eax, 0

        jg      .prompt         ; Authentication failed

        jl      .error          ; An error occured

; Start console input handler thread without deactivating the current window

; Get active window ID

        mcall   18, 7

        push    eax

; Create thread

        mcall   51, 1, con_in_thread, mem - 2048

; Activate window with given ID

        pop     ecx

        mcall   18, 3

  .loop:

        invoke  con_get_flags

        test    eax, 0x200                      ; console window closed?

        jnz     .con_closed

        stdcall sshlib_msg_handler, ssh_con, 0

        cmp     eax, 0

        jle     .check_err

        cmp     [ssh_con.rx_buffer.message_code], SSH_MSG_CHANNEL_DATA

        jne     .dump

        mov     eax, dword[ssh_con.rx_buffer.message_code+5]

        bswap   eax

        DEBUGF  1, 'SSH: got %u bytes of data !\n', eax

        lea     esi, [ssh_con.rx_buffer.message_code+5+4]

        lea     edx, [esi+eax]

        lea     edi, [ssh_con.rx_buffer]

  @@:

        call    get_byte_utf8

        stosb

        cmp     esi, edx

        jb      @r

        xor     al, al

        stosb

        lea     esi, [ssh_con.rx_buffer]

        DEBUGF  3, 'SSH msg: %s\n', esi

        invoke  con_write_asciiz, esi

        jmp     .loop

  .dump:

        DEBUGF  3, "SSH: Unsupported message: "

        lea     esi, [ssh_con.rx_buffer.message_code]

        mov     ecx, eax

        pusha

  @@:

        lodsb

        DEBUGF  3, "%x ", eax:2

        dec     ecx

        jnz     @r

        popa

        DEBUGF  3, "\n"

        jmp     .loop

  .check_err:

        jz      .err_conn_closed

        cmp     ebx, EWOULDBLOCK

        je      .loop

        jmp     .err_sock

  .con_closed:

        ; Send close message on the active channel

        stdcall sshlib_send_packet, ssh_con, ssh_msg_channel_close, ssh_msg_channel_close.length, 0

        jmp     .done

  .error:

; TODO: proper cleanup after error

        cmp     eax, SSHLIB_ERR_NOMEM

        je      .done

        cmp     eax, SSHLIB_ERR_SOCKET

        je      .err_sock

        cmp     eax, SSHLIB_ERR_PROTOCOL

        je      .err_proto

        cmp     eax, SSHLIB_ERR_HOSTNAME

        je      .err_hostname

        cmp     eax, SSHLIB_ERR_HKEY_VERIFY_FAIL

        je      .err_hostkey_fail

        cmp     eax, SSHLIB_ERR_HKEY_SIGNATURE

        je      .err_hostkey_signature

        cmp     eax, SSHLIB_ERR_HKEY_PUBLIC_KEY

        je      .err_hostkey

        jmp     .done

  .err_proto:

;        lea     eax, [ssh_con.rx_buffer]

;        int3

        invoke  con_write_asciiz, str7

        jmp     .prompt

  .err_sock:

        invoke  con_write_asciiz, str6

        mov     eax, str14

        cmp     ebx, ETIMEDOUT

        je      .err_sock_detail

        mov     eax, str15

        cmp     ebx, ECONNREFUSED

        je      .err_sock_detail

        mov     eax, str16

        cmp     ebx, ECONNRESET

        je      .err_sock_detail

        mov     eax, str17

  .err_sock_detail:

        invoke  con_write_asciiz, eax

        jmp     .prompt

  .err_hostname:

        invoke  con_write_asciiz, str10

        jmp     .prompt

  .err_conn_closed:

        invoke  con_write_asciiz, str11

        jmp     .prompt

  .err_hostkey:

        invoke  con_write_asciiz, str19

        jmp     .prompt

  .err_hostkey_signature:

        invoke  con_write_asciiz, str20

        jmp     .prompt

  .err_hostkey_fail:

        invoke  con_write_asciiz, str21

        jmp     .prompt

  .done:

        invoke  con_exit, 1

  .exit:

        DEBUGF  3, "SSH: Exiting\n"

        mcall   close, [ssh_con.socketnum]

  .fail:

        mcall   -1

proc sshlib_callback_connecting, con_ptr, connstring_sz

        invoke  con_write_asciiz, str3

        mov     eax, [con_ptr]

        lea     eax, [eax+sshlib_connection.hostname_sz]

        invoke  con_write_asciiz, eax

        invoke  con_write_asciiz, str8

        invoke  con_write_asciiz, [connstring_sz]

        invoke  con_write_asciiz, str9

        ret

endp

proc sshlib_callback_hostkey_problem, con_ptr, problem_type, hostkey_sz

        cmp     [problem_type], SSHLIB_HOSTKEY_PROBLEM_UNKNOWN

        je      .unknown

        cmp     [problem_type], SSHLIB_HOSTKEY_PROBLEM_MISMATCH

        je      .mismatch

        mov     eax, -1

        ret

  .unknown:

        invoke  con_write_asciiz, str22

        jmp     .ask

  .mismatch:

        invoke  con_write_asciiz, str23

;        jmp     .ask

  .ask:

  ;;; TODO: print hostkey

        invoke  con_write_asciiz, str24

  .getansw:

        invoke  con_getch2

        or      al, 0x20        ; convert to lowercase

        cmp     al, 'a'

        je      .accept

        cmp     al, 'c'

        je      .once

        cmp     al, 'x'

        je      .refuse

        jmp     .getansw

  .accept:

        mov     eax, SSHLIB_HOSTKEY_ACCEPT

        ret

  .once:

        mov     eax, SSHLIB_HOSTKEY_ONCE

        ret

  .refuse:

        mov     eax, SSHLIB_HOSTKEY_REFUSE

        ret

endp

align 16

con_in_thread:

  .loop:

; TODO: check if channel is still open somehow

        invoke  con_get_input, ssh_msg_channel_data.data, MAX_INPUT_LENGTH

        test    eax, eax

        jz      .no_input

        lea     ecx, [eax + ssh_msg_channel_data.data - ssh_msg_channel_data]

        bswap   eax

        mov     [ssh_msg_channel_data.len], eax

        stdcall sshlib_send_packet, ssh_con, ssh_msg_channel_data, ecx, 0

        cmp     eax, 0

        jle     .exit

  .no_input:

        invoke  con_get_flags

        test    eax, 0x200                      ; con window closed?

        jz      .loop

  .exit:

        mcall   -1

; data

title   db 'Secure Shell',0

str1a   db 'SSHv2 client for KolibriOS',10,0

str1b   db 10,'Please enter URL of SSH server (hostname:port)',10,0

str2    db '> ',0

str3    db 'Connecting to ',0

str4    db 10,0

str6    db 10, 27, '[2J',27,'[mA network error has occured.',10,0

str7    db 10, 27, '[2J',27,'[mAn SSH protocol error has occured.',10,0

str8    db ' (',0

str9    db ')',10,0

str10   db 'Host does not exist.',10,10,0

str11   db 10, 27, '[2J',27,'[mThe remote host closed the connection.',10,0

str12   db 'Login as: ',0

str13a  db 'Password: ', 27, '[?25l', 27, '[30;40m', 0

str13b  db 10, 27, '[?25h', 27, '[0m', 27, '[2J', 0

str14   db 'The connection timed out',10,0

str15   db 'The connection was refused',10,0

str16   db 'The connection was reset',10,0

str17   db 'No details available',10,0

;str18   db 'User authentication failed',10,0;;;;

str19   db "The remote host's public key is invalid.", 10, 0

str20   db "The remote host's signature is invalid.", 10, 0

str21   db "The remote host failed to verify it's own public key.", 10, 0

str22   db "The host key for the server was not found in the cache.", 10

        db "There is no guarantee to the servers identity !",10, 0

str23   db "The host key provided by the host does not match the cached one.", 10

        db "This may indicate that the remote server has been compromised!", 10, 0

str24   db 10, "If you trust this host, press A to accept and store the (new) key.", 10

        db "Press C to connect to the host but don't store the (new) key.", 10

        db "Press X to abort.", 10, 0

ssh_ident_ha:

        dd_n (ssh_msg_ident.length-2)

ssh_msg_ident:

        db "SSH-2.0-KolibriOS_SSH_0.05",13,10

  .length = $ - ssh_msg_ident

ssh_msg_kex:

        db SSH_MSG_KEXINIT

  .cookie:

        rd 4

  .kex_algorithms:

        str "diffie-hellman-group-exchange-sha256" ; diffie-hellman-group-exchange-sha1

  .server_host_key_algorithms:

        str "ssh-rsa"                    ;,ssh-dss

  .encryption_algorithms_client_to_server:

        str "aes256-ctr"                 ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128"

  .encryption_algorithms_server_to_client:

        str "aes256-ctr"                 ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128"

  .mac_algorithms_client_to_server:

        str "hmac-sha2-256"              ;,hmac-sha1,hmac-sha1-96,hmac-md5"

  .mac_algorithms_server_to_client:

        str "hmac-sha2-256"              ;,hmac-sha1,hmac-sha1-96,hmac-md5"

  .compression_algorithms_client_to_server:

        str "none"                       ;,zlib"

  .compression_algorithms_server_to_client:

        str "none"                       ;,zlib"

  .languages_client_to_server:

        str ""

  .languages_server_to_client:

        str ""

  .first_kex_packet_follows:

        db 0

  .reserved:

        dd_n 0

  .length = $ - ssh_msg_kex

ssh_msg_gex_req:

        db SSH_MSG_KEX_DH_GEX_REQUEST

        dd_n 4096/4                      ; DH GEX min

        dd_n 4096/2                      ; DH GEX number of bits

        dd_n 4096                        ; DH GEX Max

  .length = $ - ssh_msg_gex_req

ssh_msg_new_keys:

        db SSH_MSG_NEWKEYS

  .length = $ - ssh_msg_new_keys

ssh_msg_request_service:

        db SSH_MSG_SERVICE_REQUEST

        str "ssh-userauth"              ; Service name

  .length = $ - ssh_msg_request_service

ssh_msg_channel_open:

        db SSH_MSG_CHANNEL_OPEN

        str "session"

        dd_n 0                          ; Sender channel

        dd_n BUFFERSIZE                 ; Initial window size

        dd_n PACKETSIZE                 ; maximum packet size

  .length = $ - ssh_msg_channel_open

ssh_msg_channel_close:

        db SSH_MSG_CHANNEL_CLOSE

        dd_n 0                          ; Sender channel

  .length = $ - ssh_msg_channel_close

ssh_msg_channel_request:

        db SSH_MSG_CHANNEL_REQUEST

        dd_n 0                          ; Recipient channel

        str "pty-req"

        db 1                            ; Bool: want reply

        str "xterm"

        dd_n 80                         ; terminal width (rows)

        dd_n 25                         ; terminal height (rows)

        dd_n 80*8                       ; terminal width (pixels)

        dd_n 25*16                      ; terminal height (pixels)

        dd_n 0                          ; list of supported opcodes

  .length = $ - ssh_msg_channel_request

ssh_msg_shell_request:

        db SSH_MSG_CHANNEL_REQUEST

        dd_n 0                          ; Recipient channel

        str "shell"

        db 1                            ; Bool: want reply

  .length = $ - ssh_msg_shell_request

ssh_msg_channel_data:

        db SSH_MSG_CHANNEL_DATA

        dd_n 0                          ; Sender channel

  .len  dd ?

  .data rb MAX_INPUT_LENGTH + 1

ssh_msg_channel_window_adjust:

        db SSH_MSG_CHANNEL_WINDOW_ADJUST

        dd_n 0                          ; Sender channel

  .wnd  dd ?

  .length = $ - ssh_msg_channel_window_adjust

include_debug_strings

align 4

@IMPORT:

library network, 'network.obj', \

        console, 'console.obj', \

        libcrash, 'libcrash.obj'

import  network, \

        getaddrinfo, 'getaddrinfo', \

        freeaddrinfo, 'freeaddrinfo', \

        inet_ntoa, 'inet_ntoa'

import  console, \

        con_start, 'START', \

        con_init, 'con_init', \

        con_write_asciiz, 'con_write_asciiz', \

        con_exit, 'con_exit', \

        con_gets, 'con_gets', \

        con_cls, 'con_cls', \

        con_getch2, 'con_getch2', \

        con_get_flags, 'con_get_flags', \

        con_set_title, 'con_set_title', \

        con_get_input, 'con_get_input'

import  libcrash, \

        sha256_init, 'sha256_init', \

        sha256_update, 'sha256_update', \

        sha256_final, 'sha256_final',\

        sha1_init, 'sha1_init', \

        sha1_update, 'sha1_update', \

        sha1_final, 'sha1_final', \

        md5_init, 'md5_init', \

        md5_update, 'md5_update', \

        md5_final, 'md5_final'

IncludeIGlobals

i_end:

IncludeUGlobals

params          rb MAX_HOSTNAME_LENGTH

ssh_con         sshlib_connection

ssh_chan        sshlib_channel

mem: