WebSVN – Kolibri OS – Diff – /programs/network/ssh/sshlib_host.inc

 ;    along with this program.  If not, see .
 ; https://datatracker.ietf.org/doc/html/rfc4253#section-6.6
+; https://datatracker.ietf.org/doc/html/rfc3447
-; https://datatracker.ietf.org/doc/html/rfc3447
+; https://datatracker.ietf.org/doc/html/rfc4716
+proc sshlib_host_verify  con_ptr, str_host_key, str_signature, message, message_len
-proc sshlib_host_verify  con_ptr, str_host_key, str_signature, message, message_len
+locals
+        current_hkb64           rb MAX_PUBLIC_KEY_SIZE*4        ; Current Host key in Base64
+        cached_hkb64            rb MAX_PUBLIC_KEY_SIZE*4        ; Cached Host key in Base64
         key_name_sz             dd ?
-locals
+        hostname_sz             dd ?
+        current_hk64_end        dd ?
+endl
         known_key_sz rb MAX_PUBLIC_KEY_SIZE
-endl
+        mov     eax, [con_ptr]
         lea     ebx, [eax + sshlib_connection.hostname_sz]
-        mov     eax, [con_ptr]
+        mov     [hostname_sz], ebx
         cmp     [eax+sshlib_connection.algo_hostkey], SSHLIB_HOSTKEY_RSA
         je      .rsa
         ; ..add more here
         mov     eax, SSHLIB_ERR_HKEY_NO_ALGO
         ret
   .rsa:
+        stdcall sshlib_host_verify_rsa, [str_host_key], [str_signature], [message], [message_len]
-  .rsa:
+        test    eax, eax
-        stdcall sshlib_host_verify_rsa, [str_host_key], [str_signature], [message], [message_len]
+        jnz     .err
+        mov     [key_name_sz], ssh_rsa_sz
-        test    eax, eax
+  .lookup:
+; Convert the current host key to base64
+        mov     esi, [str_host_key]
+        mov     ecx, [esi]
+        bswap   ecx
+        add     esi, 4
-        jnz     .err
+        lea     edi, [current_hkb64]
+        call    base64_encode
-  .lookup:
+        mov     [current_hk64_end], edi
-;        lea     eax, [known_key_sz]
-;        mov     ebx, [con_ptr]
+; Try to read the cached key for this host and key type
+        lea     edi, [cached_hkb64]
+        invoke  ini_get_str, known_hostsfile, [hostname_sz], [key_name_sz], edi, MAX_PUBLIC_KEY_SIZE*4, 0
+        test    eax, eax
+        jnz     .unknown
+; If the cached key is empty, return SSHLIB_HOSTKEY_PROBLEM_UNKNOWN
+        lea     esi, [cached_hkb64]
+        cmp     byte[esi], 0
+        je      .unknown
-;        lea     ebx, [ebx + sshlib_connection.hostname_sz]
+; Else, compare it to the current one
-;        invoke  ini_get_str, known_hosts_file, ebx, ssh_rsa_sz, eax, MAX_PUBLIC_KEY_SIZE, null_sz
+        lea     edi, [current_hkb64]
+        mov     ecx, MAX_PUBLIC_KEY_SIZE*4
+  .cmploop:
+        lodsb
-;        test    eax, eax
+        scasb
+        jne     .mismatch
-;        jnz     .unknown
+        test    al, al
         jz      .match
-; TODO: verify cached host key
+        dec     ecx
+        jnz     .cmploop
-;        jne     .mismatch
+        jmp     .mismatch
-        jmp     .unknown        ; FIXME
+  .match:
         xor     eax, eax
-        xor     eax, eax
+        ret
         ret
+  .mismatch:
-  .mismatch:
+int3
-        lea     eax, [known_key_sz]
+        lea     eax, [current_hkb64]
         stdcall sshlib_callback_hostkey_problem, [con_ptr], SSHLIB_HOSTKEY_PROBLEM_MISMATCH, eax
         cmp     eax, SSHLIB_HOSTKEY_ACCEPT
         je      .store
+        ret
+  .unknown:
-        ret
+        lea     eax, [current_hkb64]
+        stdcall sshlib_callback_hostkey_problem, [con_ptr], SSHLIB_HOSTKEY_PROBLEM_UNKNOWN, eax
-  .unknown:
+        cmp     eax, SSHLIB_HOSTKEY_ACCEPT
-        lea     eax, [known_key_sz]
+        je      .store
-        stdcall sshlib_callback_hostkey_problem, [con_ptr], SSHLIB_HOSTKEY_PROBLEM_UNKNOWN, eax
+        ret
         ret
+endp
+base64_encode:
+        xor     ebx, ebx
+  .loop:
+        lodsb
+        call    .byte
+        dec     ecx
+        jnz     .loop
+  .final:
+        mov     al, 0
+        test    ebx, ebx
+        jz      .f000
+        call    .byte
+        test    ebx, ebx
+        jz      .f001
+        call    .byte
+        mov     byte[edi-2], '='
+  .f001:
+        mov     byte[edi-1], '='
+  .f000:
+        mov     byte[edi], 0
+        ret
+  .byte:
+        inc     ebx
+        shl     edx, 8
+        mov     dl, al
+        cmp     ebx, 3
+        je      .b001
+        ret
+  .b001:
+        shl     edx, 8
+        inc     ebx
+  .b002:
+        rol     edx, 6
+        xor     eax, eax
+        xchg    al, dl
+        mov     al, [base64_table+eax]
+        stosb
+        dec     ebx
+        jnz     .b002
+        ret
 endp
 iglobal
+        known_hostsfile db '/sys/settings/known_hosts.ini', 0
-iglobal
+        base64_table    db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

Subversion Repositories Kolibri OS

(root)/programs/network/ssh/sshlib_host.inc – Rev 9106 → 9112