| 0,0 → 1,153 |
|---|
| ; ssh_transport.inc - SSH transport layer |
| ; |
| ; Copyright (C) 2016 Jeffrey Amelynck |
| ; |
| ; This program is free software: you can redistribute it and/or modify |
| ; it under the terms of the GNU General Public License as published by |
| ; the Free Software Foundation, either version 3 of the License, or |
| ; (at your option) any later version. |
| ; |
| ; This program is distributed in the hope that it will be useful, |
| ; but WITHOUT ANY WARRANTY; without even the implied warranty of |
| ; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| ; GNU General Public License for more details. |
| ; |
| ; You should have received a copy of the GNU General Public License |
| ; along with this program. If not, see <http://www.gnu.org/licenses/>. |
| |
| struct ssh_header |
| length dd ? |
| padding db ? |
| message_code db ? |
| ends |
| |
| proc dummy_encrypt _key, _in, _out |
| |
| ret |
| endp |
| |
| proc ssh_recv_packet sock, buf, size, flags |
| |
| locals |
| bufferptr dd ? |
| remaining dd ? |
| padding dd ? |
| endl |
| |
| DEBUGF 1, "ssh_recv_packet\n" |
| ; Receive first block (Read length, padding length, message code) |
| mcall recv, [sock], [buf], [rx_blocksize], [flags] |
| DEBUGF 1, "chunk = %u\n", eax |
| cmp eax, [rx_blocksize] |
| jne .fail ;;;; |
| |
| ; stdcall [decrypt_proc], [rx_context], [buf], [buf] |
| |
| mov ebx, [buf] |
| movzx eax, [ebx+ssh_header.padding] |
| mov [padding], eax |
| mov eax, [ebx+ssh_header.length] |
| bswap eax ; length to little endian |
| mov [ebx+ssh_header.length], eax |
| DEBUGF 1, "ssh_recv_packet length = %u\n", eax |
| |
| cmp eax, [size] |
| ja .fail ;;;; |
| |
| sub eax, [rx_blocksize] |
| add eax, 4 |
| mov [remaining], eax |
| add ebx, [rx_blocksize] |
| mov [bufferptr], ebx |
| .receive_loop: |
| mcall recv, [sock], [bufferptr], [remaining], 0 |
| DEBUGF 1, "chunk = %u\n", eax |
| cmp eax, 0 |
| jbe .fail |
| add [bufferptr], eax |
| sub [remaining], eax |
| ja .receive_loop |
| |
| ; .decrypt_loop: |
| ; stdcall [decrypt_proc], [rx_context], [buf], [buf] |
| ; ja .decrypt_loop |
| |
| ; .hmac_loop: |
| ; TODO |
| ; ja .hmac_loop |
| |
| ; Return usefull data length in eax |
| mov eax, [buf] |
| movzx ebx, [eax+ssh_header.padding] |
| mov eax, [eax+ssh_header.length] |
| sub eax, ebx |
| DEBUGF 1, "ssh_recv_packet complete, usefull data length=%u\n", eax |
| ret |
| |
| .fail: |
| DEBUGF 1, "ssh_recv_packet failed!\n" |
| mov eax, -1 |
| ret |
| |
| endp |
| |
| |
| proc ssh_send_packet sock, buf, payloadsize, flags |
| |
| locals |
| size dd ? |
| endl |
| DEBUGF 1, "ssh_send_packet: size=%u\n", [payloadsize] |
| |
| mov eax, [payloadsize] |
| inc eax ; padding length byte |
| |
| lea edx, [eax+4] ; total packet size (without padding) |
| mov [size], edx |
| mov ebx, [tx_blocksize] |
| dec ebx |
| and edx, ebx |
| neg edx |
| add edx, [tx_blocksize] |
| cmp edx, 4 ; minimum padding size |
| jae @f |
| add edx, [tx_blocksize] |
| @@: |
| DEBUGF 1, "Padding %u bytes\n", edx |
| add [size], edx |
| |
| add eax, edx |
| DEBUGF 1, "Total size: %u\n", eax |
| bswap eax |
| mov edi, tx_buffer |
| stosd |
| mov al, dl |
| stosb |
| mov esi, [buf] |
| ; cmp esi, edi |
| ; je @f |
| mov ecx, [payloadsize] |
| rep movsb |
| ; @@: |
| |
| mov ebx, edx |
| mov esi, edx |
| and ebx, 3 |
| jz @f |
| call MBRandom |
| mov dword[edi], eax |
| add edi, ebx |
| @@: |
| |
| shr esi, 2 |
| @@: |
| call MBRandom |
| stosd |
| dec esi |
| jnz @r |
| |
| mcall send, [sock], tx_buffer, [size], [flags] |
| |
| ret |
| |
| endp |