Rev 9990 | Rev 9991 | ||
---|---|---|---|
Line 200... | Line 200... | ||
200 | ; << Check key exchange init of server |
200 | ; << Check key exchange init of server |
201 | stdcall sshlib_recv_packet, [con_ptr], 0 |
201 | stdcall sshlib_recv_packet, [con_ptr], 0 |
202 | cmp eax, -1 |
202 | cmp eax, -1 |
203 | je .err_sock |
203 | je .err_sock |
Line 204... | Line 204... | ||
204 | 204 | ||
205 | mov esi, [con_ptr] |
205 | mov ebx, [con_ptr] |
206 | cmp [esi + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEXINIT |
206 | cmp [ebx + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEXINIT |
207 | jne .err_proto |
207 | jne .err_proto |
- | 208 | DEBUGF 2, "Received KEX init\n" |
|
Line 208... | Line -... | ||
208 | DEBUGF 2, "Received KEX init\n" |
- | |
209 | - | ||
210 | lea esi, [esi + sshlib_connection.rx_buffer + sizeof.ssh_packet_header + 16] |
- | |
211 | lodsd |
209 | lea esi, [ebx + sshlib_connection.rx_buffer + sizeof.ssh_packet_header + 16] |
212 | bswap eax |
- | |
213 | DEBUGF 1, "kex_algorithms: %s\n", esi |
- | |
214 | add esi, eax |
- | |
215 | lodsd |
210 | |
216 | bswap eax |
- | |
217 | DEBUGF 1, "server_host_key_algorithms: %s\n", esi |
- | |
218 | add esi, eax |
- | |
219 | lodsd |
- | |
220 | bswap eax |
- | |
221 | DEBUGF 1, "encryption_algorithms_client_to_server: %s\n", esi |
- | |
222 | add esi, eax |
- | |
223 | lodsd |
- | |
224 | bswap eax |
- | |
225 | DEBUGF 1, "encryption_algorithms_server_to_client: %s\n", esi |
- | |
226 | add esi, eax |
- | |
227 | lodsd |
- | |
228 | bswap eax |
- | |
229 | DEBUGF 1, "mac_algorithms_client_to_server: %s\n", esi |
- | |
230 | add esi, eax |
- | |
231 | lodsd |
- | |
232 | bswap eax |
- | |
233 | DEBUGF 1, "mac_algorithms_server_to_client: %s\n", esi |
- | |
234 | add esi, eax |
- | |
235 | lodsd |
- | |
236 | bswap eax |
- | |
237 | DEBUGF 1, "compression_algorithms_client_to_server: %s\n", esi |
- | |
238 | add esi, eax |
- | |
239 | lodsd |
- | |
240 | bswap eax |
211 | DEBUGF 2, "kex_algorithm " |
241 | DEBUGF 1, "compression_algorithms_server_to_client: %s\n", esi |
- | |
242 | add esi, eax |
- | |
243 | lodsd |
- | |
244 | bswap eax |
212 | stdcall sshlib_algo_find_match, ssh_msg_kex.kex_algorithms, algorithms_kex |
245 | DEBUGF 1, "languages_client_to_server: %s\n", esi |
- | |
246 | add esi, eax |
- | |
247 | lodsd |
213 | test eax, eax |
248 | bswap eax |
- | |
249 | DEBUGF 1, "languages_server_to_client: %s\n", esi |
- | |
250 | add esi, eax |
- | |
Line 251... | Line 214... | ||
251 | lodsb |
214 | jz .err_no_algo |
- | 215 | mov [ebx + sshlib_connection.algo_kex], eax |
|
252 | DEBUGF 1, "KEX First Packet Follows: %u\n", al |
216 | |
253 | 217 | DEBUGF 2, "server_host_key_algorithm " |
|
254 | ; TODO: parse this structure and set algorithm codes accordingly |
218 | stdcall sshlib_algo_find_match, ssh_msg_kex.server_host_key_algorithms, algorithms_hostkey |
- | 219 | test eax, eax |
|
- | 220 | jz .err_no_algo |
|
- | 221 | mov [ebx + sshlib_connection.algo_hostkey], eax |
|
- | 222 | ||
- | 223 | DEBUGF 2, "encryption_algorithm_client_to_server " |
|
255 | ; FIXME: hardcoded for now |
224 | stdcall sshlib_algo_find_match, ssh_msg_kex.encryption_algorithms_client_to_server, algorithms_crypt |
- | 225 | test eax, eax |
|
- | 226 | jz .err_no_algo |
|
- | 227 | mov [ebx + sshlib_connection.algo_crypt_tx], eax |
|
- | 228 | ||
- | 229 | DEBUGF 2, "encryption_algorithm_server_to_client ", |
|
256 | mov esi, [con_ptr] |
230 | stdcall sshlib_algo_find_match, ssh_msg_kex.encryption_algorithms_server_to_client, algorithms_crypt |
- | 231 | test eax, eax |
|
- | 232 | jz .err_no_algo |
|
257 | mov [esi+sshlib_connection.algo_kex], SSHLIB_KEX_DH_SHA256 |
233 | mov [ebx + sshlib_connection.algo_crypt_rx], eax |
- | 234 | ||
- | 235 | DEBUGF 2, "mac_algorithm_client_to_server " |
|
258 | mov [esi+sshlib_connection.algo_hostkey], SSHLIB_HOSTKEY_RSA |
236 | stdcall sshlib_algo_find_match, ssh_msg_kex.mac_algorithms_client_to_server, algorithms_mac |
- | 237 | test eax, eax |
|
- | 238 | jz .err_no_algo |
|
- | 239 | mov [ebx + sshlib_connection.algo_mac_tx], eax |
|
- | 240 | ||
- | 241 | DEBUGF 2, "mac_algorithm_server_to_client " |
|
259 | mov [esi+sshlib_connection.algo_crypt_rx], SSHLIB_CRYPT_AES256_CTR |
242 | stdcall sshlib_algo_find_match, ssh_msg_kex.mac_algorithms_server_to_client, algorithms_mac |
- | 243 | test eax, eax |
|
- | 244 | jz .err_no_algo |
|
- | 245 | mov [ebx + sshlib_connection.algo_mac_rx], eax |
|
- | 246 | ||
- | 247 | DEBUGF 2, "compression_algorithm_client_to_server " |
|
260 | mov [esi+sshlib_connection.algo_crypt_tx], SSHLIB_CRYPT_AES256_CTR ; SSHLIB_CRYPT_CHACHA20_POLY1305 |
248 | stdcall sshlib_algo_find_match, ssh_msg_kex.compression_algorithms_client_to_server, algorithms_compression |
- | 249 | test eax, eax |
|
- | 250 | jz .err_no_algo |
|
- | 251 | mov [ebx + sshlib_connection.algo_compr_tx], eax |
|
- | 252 | ||
- | 253 | DEBUGF 2, "compression_algorithm_server_to_client " |
|
261 | mov [esi+sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256_ETM |
254 | stdcall sshlib_algo_find_match, ssh_msg_kex.compression_algorithms_server_to_client, algorithms_compression |
- | 255 | test eax, eax |
|
- | 256 | jz .err_no_algo |
|
- | 257 | mov [ebx + sshlib_connection.algo_compr_rx], eax |
|
- | 258 | ||
- | 259 | DEBUGF 2, "language_client_to_server " |
|
- | 260 | stdcall sshlib_algo_find_match, ssh_msg_kex.languages_client_to_server, languages |
|
- | 261 | ||
- | 262 | DEBUGF 2, "language_server_to_client " |
|
- | 263 | stdcall sshlib_algo_find_match, ssh_msg_kex.languages_server_to_client, languages |
|
Line 262... | Line 264... | ||
262 | mov [esi+sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256_ETM |
264 | |
263 | mov [esi+sshlib_connection.algo_compr_rx], SSHLIB_ALGO_NONE |
265 | lodsb |
264 | mov [esi+sshlib_connection.algo_compr_tx], SSHLIB_ALGO_NONE |
266 | DEBUGF 2, "KEX First Packet Follows: %u\n", al |
265 | 267 | ||
Line 275... | Line 277... | ||
275 | mov dword[esi], eax |
277 | mov dword[esi], eax |
276 | invoke sha2_256.update, [ctx_ptr], esi, edx |
278 | invoke sha2_256.update, [ctx_ptr], esi, edx |
Line 277... | Line 279... | ||
277 | 279 | ||
Line -... | Line 280... | ||
- | 280 | ; Exchange keys with the server |
|
- | 281 | ||
- | 282 | mov ebx, [con_ptr] |
|
- | 283 | cmp [ebx + sshlib_connection.algo_kex], SSHLIB_KEX_DH_SHA256 ; only kex algo supported for now |
|
278 | ; Exchange keys with the server |
284 | jne .err_no_algo |
279 | 285 | ||
280 | stdcall sshlib_dh_gex, [con_ptr] |
286 | stdcall sshlib_dh_gex, [con_ptr] |
Line 281... | Line 287... | ||
281 | test eax, eax |
287 | test eax, eax |
Line 321... | Line 327... | ||
321 | jmp .have_rx_crypt_and_mac |
327 | jmp .have_rx_crypt_and_mac |
Line 322... | Line 328... | ||
322 | 328 | ||
323 | 329 | ||
324 | 330 | ||
325 | .have_rx_crypt: |
331 | .have_rx_crypt: |
326 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256 |
332 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_256 |
327 | je .rx_hmac_sha2_256 |
333 | je .rx_hmac_sha2_256 |
328 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_512 |
334 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_512 |
329 | je .rx_hmac_sha2_512 |
335 | je .rx_hmac_sha2_512 |
330 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256_ETM |
336 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_256_ETM |
Line 331... | Line 337... | ||
331 | je .rx_hmac_sha2_256_etm |
337 | je .rx_hmac_sha2_256_etm |
Line 332... | Line 338... | ||
332 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_512_ETM |
338 | cmp [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_512_ETM |
Line 401... | Line 407... | ||
401 | jmp .have_tx_crypt_and_mac |
407 | jmp .have_tx_crypt_and_mac |
Line 402... | Line 408... | ||
402 | 408 | ||
403 | 409 | ||
404 | 410 | ||
405 | .have_tx_crypt: |
411 | .have_tx_crypt: |
406 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256 |
412 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_256 |
407 | je .tx_hmac_sha2_256 |
413 | je .tx_hmac_sha2_256 |
408 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_512 |
414 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_512 |
409 | je .tx_hmac_sha2_512 |
415 | je .tx_hmac_sha2_512 |
410 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256_ETM |
416 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_256_ETM |
Line 411... | Line 417... | ||
411 | je .tx_hmac_sha2_256_etm |
417 | je .tx_hmac_sha2_256_etm |
Line 412... | Line 418... | ||
412 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_512_ETM |
418 | cmp [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_512_ETM |
Line 443... | Line 449... | ||
443 | jmp .have_tx_crypt_and_mac |
449 | jmp .have_tx_crypt_and_mac |
Line 444... | Line 450... | ||
444 | 450 | ||
Line 445... | Line -... | ||
445 | - | ||
446 | .have_tx_crypt_and_mac: |
451 | |
Line 447... | Line 452... | ||
447 | 452 | .have_tx_crypt_and_mac: |
|
448 | 453 | ||
Line 449... | Line 454... | ||
449 | ; Re-seed RNG for padding bytes |
454 | ; Re-seed RNG for padding bytes |
450 | 455 | ||
Line -... | Line 456... | ||
- | 456 | call create_seed |
|
- | 457 | call init_random |
|
- | 458 | ||
- | 459 | xor eax, eax |
|
451 | call create_seed |
460 | ret |
452 | call init_random |
461 | |
453 | 462 | .err_no_algo: |
|
Line 454... | Line 463... | ||
454 | xor eax, eax |
463 | mov eax, SSHLIB_ERR_NO_ALGO |
Line 470... | Line 479... | ||
470 | ret |
479 | ret |
Line 471... | Line 480... | ||
471 | 480 | ||
Line -... | Line 481... | ||
- | 481 | endp |
|
- | 482 | ||
- | 483 | ||
- | 484 | ||
- | 485 | proc sshlib_algo_find_match uses ebx ecx edx edi, client_str, algo_list |
|
- | 486 | ||
- | 487 | locals |
|
- | 488 | server_str dd ? |
|
- | 489 | next_str dd ? |
|
- | 490 | current dd ? |
|
- | 491 | endl |
|
- | 492 | ||
- | 493 | lodsd |
|
- | 494 | mov [server_str], esi |
|
- | 495 | bswap eax |
|
- | 496 | lea ecx, [esi + eax] |
|
- | 497 | mov [next_str], ecx |
|
- | 498 | ||
- | 499 | mov edi, [client_str] |
|
- | 500 | mov edx, dword[edi] |
|
- | 501 | bswap edx |
|
- | 502 | add edi, 4 |
|
- | 503 | add edx, edi ; end of string |
|
- | 504 | ||
- | 505 | .go: |
|
- | 506 | mov [current], edi |
|
- | 507 | .cmp: |
|
- | 508 | cmp esi, ecx |
|
- | 509 | jae .end_of_s |
|
- | 510 | mov al, byte[esi] |
|
- | 511 | inc esi |
|
- | 512 | .cmp_1: |
|
- | 513 | cmp edi, edx |
|
- | 514 | jae .end_of_c |
|
- | 515 | mov bl, byte[edi] |
|
- | 516 | inc edi |
|
- | 517 | .cmp_2: |
|
- | 518 | cmp al, bl |
|
- | 519 | jne .mismatch |
|
- | 520 | ||
- | 521 | cmp al, ',' |
|
- | 522 | jne .cmp |
|
- | 523 | ||
- | 524 | ; algo matches, print it to debug board |
|
- | 525 | DEBUGF 2, "= " |
|
- | 526 | mov edi, [current] |
|
- | 527 | @@: |
|
- | 528 | cmp edi, edx |
|
- | 529 | jae @f |
|
- | 530 | mov cl, byte[edi] |
|
- | 531 | cmp cl, ',' |
|
- | 532 | je @f |
|
- | 533 | mcall 63, 1 |
|
- | 534 | inc edi |
|
- | 535 | jmp @r |
|
- | 536 | @@: |
|
- | 537 | ; mcall 63, 1, 10 ; print newline |
|
- | 538 | ||
- | 539 | ; and now find it in algo list |
|
- | 540 | mov esi, [algo_list] |
|
- | 541 | .algo_loop: |
|
- | 542 | mov edi, [current] |
|
- | 543 | lodsd |
|
- | 544 | mov ebx, eax ; algo code |
|
- | 545 | test eax, eax |
|
- | 546 | jz .no_match |
|
- | 547 | ||
- | 548 | .algo_charloop: |
|
- | 549 | lodsb |
|
- | 550 | test al, al |
|
- | 551 | jz .check_end |
|
- | 552 | cmp al, byte[edi] |
|
- | 553 | jne .next_algo |
|
- | 554 | inc edi |
|
- | 555 | cmp edi, edx |
|
- | 556 | jb .algo_charloop |
|
- | 557 | ; we reached end of input, check end of algo token |
|
- | 558 | cmp byte[esi], 0 |
|
- | 559 | je .algo_match |
|
- | 560 | jmp .next_algo |
|
- | 561 | ; we reached end of algo token, check end of input |
|
- | 562 | .check_end: |
|
- | 563 | cmp byte[edi], ',' |
|
- | 564 | je .algo_match |
|
- | 565 | ||
- | 566 | .next_algo_loop: |
|
- | 567 | lodsb |
|
- | 568 | .next_algo: |
|
- | 569 | test al, al |
|
- | 570 | jnz .next_algo_loop |
|
- | 571 | jmp .algo_loop |
|
- | 572 | ||
- | 573 | .algo_match: |
|
- | 574 | mov eax, ebx |
|
- | 575 | mov esi, [next_str] |
|
- | 576 | DEBUGF 2," (%u)\n", eax |
|
- | 577 | ret |
|
- | 578 | ||
- | 579 | .end_of_s: |
|
- | 580 | mov al, ',' |
|
- | 581 | jmp .cmp_1 |
|
- | 582 | ||
- | 583 | .end_of_c: |
|
- | 584 | mov bl, ',' |
|
- | 585 | jmp .cmp_2 |
|
- | 586 | ||
- | 587 | .mismatch: |
|
- | 588 | ; character mismatch, reset client str and go to next server token |
|
- | 589 | mov edi, [current] |
|
- | 590 | @@: |
|
- | 591 | mov al, byte[esi] |
|
- | 592 | inc esi |
|
- | 593 | ||
- | 594 | cmp al, ',' |
|
- | 595 | je .cmp |
|
- | 596 | ||
- | 597 | cmp esi, ecx |
|
- | 598 | jb @r |
|
- | 599 | ||
- | 600 | ; end of server str, reset it and go to next client token |
|
- | 601 | mov esi, [server_str] |
|
- | 602 | @@: |
|
- | 603 | mov bl, byte[edi] |
|
- | 604 | inc edi |
|
- | 605 | ||
- | 606 | cmp bl, ',' |
|
- | 607 | je .go |
|
- | 608 | ||
- | 609 | cmp edi, edx |
|
- | 610 | jb @r |
|
- | 611 | ||
- | 612 | ; end of client str, no match found |
|
- | 613 | .no_match: |
|
- | 614 | xor eax, eax |
|
- | 615 | mov esi, [next_str] |
|
- | 616 | DEBUGF 2," (%u)\n", eax |
|
- | 617 | ret |
|
- | 618 | ||
Line 472... | Line 619... | ||
472 | endp |
619 | endp |
473 | 620 |
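Review bot: sshlib_algo_find_match trusts the 32-bit name-list length read from the server's KEXINIT: after `lodsd` / `bswap eax`, the result of `lea ecx, [esi + eax]` becomes both the scan limit and `next_str` without ever being compared to the end of the received packet. A server that sends an oversized length therefore makes the compare loops, and every later call that starts from the returned esi, read outside rx_buffer. Before the `lea`, compare the length with the bytes remaining in the packet (testing the length rather than the sum avoids 32-bit wrap-around), e.g. `cmp eax, <bytes left in packet>` followed by a `ja` to an error return that the caller treats as a protocol error; the field holding the packet length is not visible on this page. Separately, `.mismatch` loads `byte[esi]` before testing esi against ecx, so it reads one byte past the list when it is reached via `.end_of_s`. The procedure also takes and returns esi implicitly, which deserves a header comment such as `; in: esi = server name-list, out: esi = next name-list, eax = algo code or 0`.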