WebSVN – Kolibri OS – Diff – /programs/network/ssh/sshlib_dh_gex.inc

-;    dh_gex.inc - Diffie Hellman Group exchange
+;    sshlib_dh_gex.inc - Diffie Hellman Group exchange
+;
 ;    Copyright (C) 2015-2021 Jeffrey Amelynck
+;
 ;    This program is free software: you can redistribute it and/or modify
 ;    it under the terms of the GNU General Public License as published by
 ;    You should have received a copy of the GNU General Public License
 ;    along with this program.  If not, see .
-; https://www.ietf.org/rfc/rfc4419.txt
-; TODO: dont convert mpints to little endian immediately.
-; Or maybe even better, not at all.
+; https://www.ietf.org/rfc/rfc4419.txt
+proc sshlib_dh_gex con_ptr
+locals
+        mpint_tmp               dd ?
+        mpint_p                 dd ?
+        mpint_g                 dd ?
-proc dh_gex
+        mpint_x                 dd ?
+        mpint_e                 dd ?
+        mpint_f                 dd ?
+        mpint_K_big             dd ?
+        k_h_ctx                 dd ?
+        temp_ctx                dd ?
+        H                       dd ?    ; exchange hash
+        rx_iv                   dd ?    ; Rx initialisation vector
+        tx_iv                   dd ?    ; Tx initialisation vector
+        rx_enc_key              dd ?    ; Rx encryption key
+        tx_enc_key              dd ?    ; Tx encryption key
+        rx_int_key              dd ?    ; Rx integrity key
+        tx_int_key              dd ?    ; Tx integrity key
+        K_length                dd ?
+        session_id_x            rb SHA256_HASH_SIZE+1
+        str_K_S                 dd ?    ; server public host key and certificates (K_S)
         mpint_f_big             dd ?    ; pointer to original
+        str_s_of_H              dd ?    ; signature of H
+endl
+; Allocate memory for temp variables
+        mov     ecx, 7*(MAX_BITS/8+4) + 7*SHA256_HASH_SIZE + 2*sizeof.crash_ctx
+        mcall   68, 12
+        test    eax, eax
+        jz      .err_nomem
+; Init pointers for temp variables
+        mov     [mpint_tmp], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [mpint_p], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [mpint_g], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [mpint_x], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [mpint_e], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [mpint_f], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [mpint_K_big], eax
+        add     eax, (MAX_BITS/8+4)
+        mov     [k_h_ctx], eax
+        add     eax, sizeof.crash_ctx
+        mov     [temp_ctx], eax
+        add     eax, sizeof.crash_ctx
+        mov     [H], eax
+        add     eax, SHA256_HASH_SIZE
+        mov     [rx_iv], eax
+        add     eax, SHA256_HASH_SIZE
+        mov     [tx_iv], eax
+        add     eax, SHA256_HASH_SIZE
+        mov     [rx_enc_key], eax
+        add     eax, SHA256_HASH_SIZE
+        mov     [tx_enc_key], eax
+        add     eax, SHA256_HASH_SIZE
+        mov     [rx_int_key], eax
+        add     eax, SHA256_HASH_SIZE
+        mov     [tx_int_key], eax
+;        add     eax, SHA256_HASH_SIZE
+; Copy the partial exchange hash to our temporary one
+        mov     esi, [con_ptr]
+        lea     esi, [esi+sshlib_connection.part_ex_hash_ctx]
-locals
+        mov     edi, [temp_ctx]
-        dh_f_big        dd ?
+        mov     ecx, sizeof.crash_ctx/4
-endl
+        rep movsd
 ;----------------------------------------------
 ; >> Send Diffie-Hellman Group Exchange Request
         DEBUGF  2, "Sending GEX\n"
-        stdcall ssh_send_packet, con, ssh_gex_req, ssh_gex_req.length, 0
+        stdcall sshlib_send_packet, [con_ptr], ssh_msg_gex_req, ssh_msg_gex_req.length, 0
-        cmp     eax, -1
+        cmp     eax, 0
-        je      .socket_err
+        jl      .err
+;---------------------------------------------
-;---------------------------------------------
+; << Parse Diffie-Hellman Group Exchange Group
-; << Parse Diffie-Hellman Group Exchange Group
         stdcall sshlib_recv_packet, [con_ptr], 0
-        stdcall ssh_recv_packet, con, 0
+        cmp     eax, 0
-        cmp     eax, -1
-        je      .socket_err
+        jl      .err
-        cmp     [con.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_GROUP
+        mov     ebx, [con_ptr]
-        jne     proto_err
+        cmp     [ebx + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_GROUP
-        DEBUGF  2, "Received GEX group\n"
+        jne     .err_proto
-        mov     esi, con.rx_buffer+sizeof.ssh_packet_header
+        DEBUGF  2, "Received GEX group\n"
         DEBUGF  1, "DH modulus (p): "
-        stdcall mpint_to_little_endian, con.dh_p, esi
+        lea     esi, [ebx + sshlib_connection.rx_buffer + sizeof.ssh_packet_header]
-        add     esi, 4
+        stdcall mpint_to_little_endian, [mpint_p], esi
-        add     esi, eax
+        add     esi, 4
-        stdcall mpint_print, con.dh_p
+        add     esi, eax
+        DEBUGM  1, "DH modulus (p): ", [mpint_p]
-        DEBUGF  1, "DH base (g): "
+        stdcall mpint_to_little_endian, [mpint_g], esi
-        stdcall mpint_to_little_endian, con.dh_g, esi
+        add     esi, 4
-        add     esi, 4
+        add     esi, eax
-        add     esi, eax
+        DEBUGM  1, "DH base (g): ", [mpint_g]
         stdcall mpint_print, con.dh_g
 ;-------------------------------------------
 ; If the highest bit is set, add a zero byte
         shl     eax, 1
         jnc     @f
+        mov     byte[edi], 0
-        mov     byte[edi], 0
+        mov     eax, [mpint_x]
-        inc     dword[con.dh_x]
+        inc     dword[eax]
-  @@:
+  @@:
-        DEBUGF  1, "DH x: "
-        stdcall mpint_print, con.dh_x
+        DEBUGM  1, "DH private key (x): ", [mpint_x]
 ; Compute e = g^x mod p
-        stdcall mpint_modexp, con.dh_e, con.dh_g, con.dh_x, con.dh_p
-        stdcall mpint_shrink, con.dh_e
+        stdcall mpint_modexp, [mpint_e], [mpint_g], [mpint_x], [mpint_p]
-        DEBUGF  1, "DH e: "
+        stdcall mpint_shrink, [mpint_e]
-        stdcall mpint_print, con.dh_e
+        DEBUGM  1, "DH public key (e): ", [mpint_e]
-; Create group exchange init packet
-        mov     edi, con.tx_buffer.message_code
+; Create group exchange init packet
-        mov     al, SSH_MSG_KEX_DH_GEX_INIT
+        mov     byte[ebx + sshlib_connection.tx_buffer.message_code], SSH_MSG_KEX_DH_GEX_INIT
-        stosb
+        lea     edi, [ebx + sshlib_connection.tx_buffer.message_code+1]
-        stdcall mpint_to_big_endian, edi, con.dh_e
+        stdcall mpint_to_big_endian, edi, [mpint_e]
+        DEBUGF  2, "Sending GEX init\n"
-        DEBUGF  2, "Sending GEX init\n"
+        mov     ecx, dword[ebx + sshlib_connection.tx_buffer.message_code+1]         ;;;; dword[edi]
-        mov     ecx, dword[con.tx_buffer.message_code+1]
+        bswap   ecx
-        bswap   ecx
+        add     ecx, 5
-        add     ecx, 5
+        lea     esi, [ebx + sshlib_connection.tx_buffer.message_code]
-        stdcall ssh_send_packet, con, con.tx_buffer.message_code, ecx, 0
+        stdcall sshlib_send_packet, [con_ptr], esi, ecx, 0
-        cmp     eax, -1
+        cmp     eax, 0
-        je      .socket_err
+        jl      .err
 ;---------------------------------------------
+; << Parse Diffie-Hellman Group Exchange Reply
-; << Parse Diffie-Hellman Group Exchange Reply
+        stdcall sshlib_recv_packet, [con_ptr], 0
-        stdcall ssh_recv_packet, con, 0
+        cmp     eax, 0
-        cmp     eax, -1
+        jl      .err
         je      .socket_err
+        mov     ebx, [con_ptr]
+        cmp     [ebx + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_REPLY
-        cmp     [con.rx_buffer.message_code], SSH_MSG_KEX_DH_GEX_REPLY
+        jne     .err_proto
         jne     .proto_err
         DEBUGF  2, "Received GEX Reply\n"
-        DEBUGF  2, "Received GEX Reply\n"
+;--------------------------------
-;--------------------------------
+; HASH: string K_S, the host key
-; HASH: string K_S, the host key
+        lea     esi, [ebx + sshlib_connection.rx_buffer + sizeof.ssh_packet_header]
-        mov     esi, con.rx_buffer+sizeof.ssh_packet_header
+        mov     [str_K_S], esi
         mov     edx, [esi]
         bswap   edx
         add     edx, 4
-        lea     ebx, [esi+edx]
+        lea     eax, [esi+edx]
-        mov     [dh_f_big], ebx
+        mov     [mpint_f_big], eax
-        invoke  sha256_update, con.temp_ctx, esi, edx
+        invoke  sha256_update, [temp_ctx], esi, edx
 ;--------------------------------------------------------------------------
 ; HASH: uint32 min, minimal size in bits of an acceptable group
 ;       uint32 n, preferred size in bits of the group the server will send
 ;       uint32 max, maximal size in bits of an acceptable group
-        invoke  sha256_update, con.temp_ctx, ssh_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
+        invoke  sha256_update, [temp_ctx], ssh_msg_gex_req+sizeof.ssh_packet_header-ssh_packet_header.message_code, 12
 ;----------------------------
 ; HASH: mpint p, safe prime
-        stdcall mpint_shrink, con.dh_p
+        stdcall mpint_shrink, [mpint_p]
-        stdcall mpint_to_big_endian, con.mpint_tmp, con.dh_p
+        stdcall mpint_to_big_endian, [mpint_tmp], [mpint_p]
+        add     eax, 4
-        lea     edx, [eax+4]
+        invoke  sha256_update, [temp_ctx], [mpint_tmp], eax
         invoke  sha256_update, con.temp_ctx, con.mpint_tmp, edx
 ;----------------------------------------
-;----------------------------------------
+; HASH: mpint g, generator for subgroup
-; HASH: mpint g, generator for subgroup
+        stdcall mpint_shrink, [mpint_g]
-        stdcall mpint_shrink, con.dh_g
+        stdcall mpint_to_big_endian, [mpint_tmp], [mpint_g]
-        stdcall mpint_to_big_endian, con.mpint_tmp, con.dh_g
+        add     eax, 4
-        lea     edx, [eax+4]
+        invoke  sha256_update, [temp_ctx], [mpint_tmp], eax
         invoke  sha256_update, con.temp_ctx, con.mpint_tmp, edx
 ;---------------------------------------------------
-;---------------------------------------------------
+; HASH: mpint e, exchange value sent by the client
-; HASH: mpint e, exchange value sent by the client
+        mov     ebx, [con_ptr]
-        mov     esi, con.tx_buffer+sizeof.ssh_packet_header
+        lea     esi, [ebx + sshlib_connection.tx_buffer + sizeof.ssh_packet_header]
         mov     edx, [esi]
         bswap   edx
         add     edx, 4
-        invoke  sha256_update, con.temp_ctx, esi, edx
+        invoke  sha256_update, [temp_ctx], esi, edx
-;---------------------------------------------------
-; HASH: mpint f, exchange value sent by the server
-        mov     esi, [dh_f_big]
-        mov     edx, [esi]
-        bswap   edx
+;---------------------------------------------------
-        add     edx, 4
+; HASH: mpint f, exchange value sent by the server
-        invoke  sha256_update, con.temp_ctx, esi, edx
+        mov     esi, [mpint_f_big]
+        mov     edx, [esi]
-        stdcall mpint_to_little_endian, con.dh_f, [dh_f_big]
-        mov     esi, [dh_f_big]
+        bswap   edx
-        add     esi, eax
-        add     esi, 4
+        add     edx, 4
-        DEBUGF  1, "DH f: "
+        invoke  sha256_update, [temp_ctx], esi, edx
-        stdcall mpint_print, con.dh_f
         stdcall mpint_to_little_endian, [mpint_f], [mpint_f_big]
-        stdcall mpint_to_little_endian, con.dh_signature, esi
+        mov     esi, [mpint_f_big]
-        DEBUGF  1, "DH signature: "
-        stdcall mpint_print, con.dh_signature
+        add     esi, eax
+        add     esi, 4
-;--------------------------------------
+        mov     [str_s_of_H], esi
-; Calculate shared secret K = f^x mod p
+        DEBUGM  1, "DH exchange value (f): ", [mpint_f]
-        stdcall mpint_modexp, con.rx_buffer, con.dh_f, con.dh_x, con.dh_p
-        stdcall mpint_shrink, con.rx_buffer
+;--------------------------------------
+; Calculate shared secret K = f^x mod p
+        stdcall mpint_modexp, [mpint_tmp], [mpint_f], [mpint_x], [mpint_p]
-        DEBUGF  1, "DH K: "
+        stdcall mpint_shrink, [mpint_tmp]
-        stdcall mpint_print, con.rx_buffer
+        DEBUGM  1, "DH shared secret (K): ", [mpint_tmp]
 ; We always need it in big endian order, so store it as such.
+        stdcall mpint_to_big_endian, [mpint_K_big], [mpint_tmp]
+        mov     [K_length], eax
+;-----------------------------------
+; HASH: mpint K, the shared secret
+        add     eax, 4
+        invoke  sha256_update, [temp_ctx], [mpint_K_big], eax
-        stdcall mpint_to_big_endian, con.dh_K, con.rx_buffer
+;-------------------------------
+; Finalize the exchange hash (H)
+        invoke  sha256_final, [temp_ctx]
+        mov     esi, [temp_ctx]
-        mov     [con.dh_K_length], eax
+        add     esi, crash_ctx.hash
+        mov     edi, [H]
+        mov     ecx, SHA256_HASH_SIZE/4
+        rep movsd
+        DEBUGF  1, "Exchange hash H: "
+        stdcall dump_hex, [H], SHA256_HASH_SIZE/4
+;--------------------------
-;-----------------------------------
+; Set or get the session id
 ; HASH: mpint K, the shared secret
+        mov     eax, [con_ptr]
-        mov     edx, [con.dh_K_length]
+        cmp     [eax + sshlib_connection.status], SSHLIB_CON_STAT_KEX_DONE
-        add     edx, 4
+        jae     @f
         invoke  sha256_update, con.temp_ctx, con.dh_K, edx
+; If first KEX, verify host public key
-;-------------------------------
+        stdcall sshlib_host_verify, [con_ptr], [str_K_S], [str_s_of_H], [H], SHA256_HASH_SIZE
-; Finalize the exchange hash (H)
+        test    eax, eax
-        invoke  sha256_final, con.temp_ctx
+        jnz     .err
-        mov     esi, con.temp_ctx.hash
-        mov     edi, con.dh_H
+        mov     eax, [con_ptr]
-        mov     ecx, SHA256_HASH_SIZE/4
+        mov     esi, [H]
-        rep movsd
+        lea     edi, [eax + sshlib_connection.session_id]
+        mov     ecx, SHA256_HASH_SIZE/4
-        DEBUGF  1, "Exchange hash H: "
+        rep movsd
-        stdcall dump_hex, con.dh_H, 8
+  @@:
+        lea     esi, [eax + sshlib_connection.session_id]
-; TODO: skip this block when re-keying
+        lea     edi, [session_id_x+1]
-        mov     esi, con.dh_H
+        mov     ecx, SHA256_HASH_SIZE/4
-        mov     edi, con.session_id
+        rep movsd
-        mov     ecx, SHA256_HASH_SIZE/4
         rep movsd
 ;---------------
-;---------------
+; Calculate keys
-; Calculate keys
 ; First, calculate partial hash of K and H so we can re-use it for every key.
 ; First, calculate partial hash of K and H so we can re-use it for every key.
+        invoke  sha256_init, [k_h_ctx]
-        invoke  sha256_init, con.k_h_ctx
         mov     ecx, [K_length]
-        mov     edx, [con.dh_K_length]
+        add     ecx, 4
-        add     edx, 4
+        invoke  sha256_update, [k_h_ctx], [mpint_K_big], ecx
+        invoke  sha256_update, [k_h_ctx], [H], SHA256_HASH_SIZE
-        invoke  sha256_update, con.k_h_ctx, con.dh_K, edx
-        invoke  sha256_update, con.k_h_ctx, con.dh_H, 32
+;---------------------------------------------------------------
+; Initial IV client to server: HASH(K || H || "A" || session_id)
-;---------------------------------------------------------------
-; Initial IV client to server: HASH(K || H || "A" || session_id)
+        mov     esi, [k_h_ctx]
         mov     edi, [temp_ctx]
-        mov     esi, con.k_h_ctx
+        mov     ecx, sizeof.crash_ctx/4
-        mov     edi, con.temp_ctx
+        rep movsd
-        mov     ecx, sizeof.crash_ctx/4
+        lea     edx, [session_id_x]
-        rep movsd
+        mov     byte[edx], 'A'
-        mov     [con.session_id_prefix], 'A'
+        invoke  sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
-        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
+        invoke  sha256_final, [temp_ctx]
-        invoke  sha256_final, con.temp_ctx.hash
+        mov     edi, [tx_iv]
-        mov     edi, con.tx_iv
+        mov     esi, [temp_ctx]
-        mov     esi, con.temp_ctx
+        mov     ecx, SHA256_HASH_SIZE/4
+        rep movsd
-        mov     ecx, SHA256_HASH_SIZE/4
-        rep movsd
+        DEBUGF  1, "Remote IV: "
+        stdcall dump_hex, [tx_iv], SHA256_HASH_SIZE/4
-        DEBUGF  1, "Remote IV: "
-        stdcall dump_hex, con.tx_iv, 8
+;---------------------------------------------------------------
 ; Initial IV server to client: HASH(K || H || "B" || session_id)
 ;---------------------------------------------------------------
-; Initial IV server to client: HASH(K || H || "B" || session_id)
+        mov     esi, [k_h_ctx]
         mov     edi, [temp_ctx]
-        mov     esi, con.k_h_ctx
+        mov     ecx, sizeof.crash_ctx/4
-        mov     edi, con.temp_ctx
+        rep movsd
-        mov     ecx, sizeof.crash_ctx/4
+        lea     edx, [session_id_x]
-        rep movsd
+        mov     byte[edx], 'B'
-        inc     [con.session_id_prefix]
+        invoke  sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
-        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
+        invoke  sha256_final, [temp_ctx]
+        mov     edi, [rx_iv]
-        invoke  sha256_final, con.temp_ctx
+        mov     esi, [temp_ctx]
-        mov     edi, con.rx_iv
+        mov     ecx, SHA256_HASH_SIZE/4
-        mov     esi, con.temp_ctx
+        rep movsd
-        mov     ecx, SHA256_HASH_SIZE/4
-        rep movsd
+        DEBUGF  1, "Local IV: "
         stdcall dump_hex, [rx_iv], SHA256_HASH_SIZE/4
         DEBUGF  1, "Local IV: "
-        stdcall dump_hex, con.rx_iv, 8
+;-------------------------------------------------------------------
 ; Encryption key client to server: HASH(K || H || "C" || session_id)
 ;-------------------------------------------------------------------
-; Encryption key client to server: HASH(K || H || "C" || session_id)
+        mov     esi, [k_h_ctx]
+        mov     edi, [temp_ctx]
-        mov     esi, con.k_h_ctx
+        mov     ecx, sizeof.crash_ctx/4
-        mov     edi, con.temp_ctx
+        rep movsd
-        mov     ecx, sizeof.crash_ctx/4
+        lea     edx, [session_id_x]
+        mov     byte[edx], 'C'
-        rep movsd
+        invoke  sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
-        inc     [con.session_id_prefix]
+        invoke  sha256_final, [temp_ctx]
-        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
+        mov     edi, [tx_enc_key]
-        invoke  sha256_final, con.temp_ctx
+        mov     esi, [temp_ctx]
-        mov     edi, con.tx_enc_key
+        mov     ecx, SHA256_HASH_SIZE/4
-        mov     esi, con.temp_ctx
+        rep movsd
         mov     ecx, SHA256_HASH_SIZE/4
-        rep movsd
+        DEBUGF  1, "Remote key: "
         stdcall dump_hex, [tx_enc_key], SHA256_HASH_SIZE/4
         DEBUGF  1, "Remote key: "
-        stdcall dump_hex, con.tx_enc_key, 8
+;-------------------------------------------------------------------
+; Encryption key server to client: HASH(K || H || "D" || session_id)
 ;-------------------------------------------------------------------
-; Encryption key server to client: HASH(K || H || "D" || session_id)
+        mov     esi, [k_h_ctx]
+        mov     edi, [temp_ctx]
+        mov     ecx, sizeof.crash_ctx/4
-        mov     esi, con.k_h_ctx
+        rep movsd
-        mov     edi, con.temp_ctx
+        lea     edx, [session_id_x]
-        mov     ecx, sizeof.crash_ctx/4
+        mov     byte[edx], 'D'
-        rep movsd
+        invoke  sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
-        inc     [con.session_id_prefix]
+        invoke  sha256_final, [temp_ctx]
-        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
+        mov     edi, [rx_enc_key]
-        invoke  sha256_final, con.temp_ctx
+        mov     esi, [temp_ctx]
-        mov     edi, con.rx_enc_key
+        mov     ecx, SHA256_HASH_SIZE/4
-        mov     esi, con.temp_ctx
+        rep movsd
         mov     ecx, SHA256_HASH_SIZE/4
-        rep movsd
+        DEBUGF  1, "Local key: "
+        stdcall dump_hex, [rx_enc_key], SHA256_HASH_SIZE/4
-        DEBUGF  1, "Local key: "
-        stdcall dump_hex, con.rx_enc_key, 8
+;------------------------------------------------------------------
+; Integrity key client to server: HASH(K || H || "E" || session_id)
-;------------------------------------------------------------------
+        mov     esi, [k_h_ctx]
-; Integrity key client to server: HASH(K || H || "E" || session_id)
+        mov     edi, [temp_ctx]
         mov     ecx, sizeof.crash_ctx/4
-        mov     esi, con.k_h_ctx
+        rep movsd
-        mov     edi, con.temp_ctx
+        lea     edx, [session_id_x]
+        mov     byte[edx], 'E'
+        invoke  sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
+        invoke  sha256_final, [temp_ctx]
+        mov     edi, [tx_int_key]
+        mov     esi, [temp_ctx]
+        mov     ecx, SHA256_HASH_SIZE/4
+        rep movsd
+        DEBUGF  1, "Remote Integrity key: "
+        stdcall dump_hex, [tx_int_key], SHA256_HASH_SIZE/4
+;------------------------------------------------------------------
+; Integrity key server to client: HASH(K || H || "F" || session_id)
+        mov     esi, [k_h_ctx]
+        mov     edi, [temp_ctx]
+        mov     ecx, sizeof.crash_ctx/4
+        rep movsd
+        lea     edx, [session_id_x]
+        mov     byte[edx], 'F'
+        invoke  sha256_update, [temp_ctx], edx, SHA256_HASH_SIZE+1
+        invoke  sha256_final, [temp_ctx]
+        mov     edi, [rx_int_key]
+        mov     esi, [temp_ctx]
+        mov     ecx, SHA256_HASH_SIZE/4
+        rep movsd
+        DEBUGF  1, "Local Integrity key: "
+        stdcall dump_hex, [rx_int_key] , SHA256_HASH_SIZE/4
+;-------------------------------------
+; << Parse Diffie-Hellman New Keys MSG
+        stdcall sshlib_recv_packet, [con_ptr], 0
+        cmp     eax, 0
+        jl      .err
+        mov     ebx, [con_ptr]
-        mov     ecx, sizeof.crash_ctx/4
+        cmp     [ebx + sshlib_connection.rx_buffer.message_code], SSH_MSG_NEWKEYS
+        jne     .err_proto
+        DEBUGF  2, "Received New Keys\n"
+;-------------------------------
+; >> Reply with New Keys message
+        stdcall sshlib_send_packet, [con_ptr], ssh_msg_new_keys, ssh_msg_new_keys.length, 0
+        cmp     eax, 0
+        jl      .err
         rep movsd
-        inc     [con.session_id_prefix]
+;----------------------------------------------
-        invoke  sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
+; Set keys and initialize transport subroutines
-        invoke  sha256_final, con.temp_ctx
-        mov     edi, con.tx_int_key
+        DEBUGF  2, "SSH: Setting encryption keys\n"
-        mov     esi, con.temp_ctx
-        mov     ecx, SHA256_HASH_SIZE/4
+        mov     ebx, [con_ptr]
-        rep movsd
+        stdcall aes256_ctr_init, [rx_iv]
+        test    eax, eax
-        DEBUGF  1, "Remote Integrity key: "
+        jz      .err_nomem

Subversion Repositories Kolibri OS

(root)/programs/network/ssh/sshlib_dh_gex.inc – Rev 9070 → 9106