b00bl1k/kolibrios
1
0
Fork 0
forked from KolibriOS/kolibrios
Code Pull Requests Activity

SSH: Added user authentication. Fixed padding. Other bugfixes.

Browse Source 
Changed hardcoded encryption mode from AES256-CBC to AES256-CTR.
Added blowfish encryption algorithm code.
MPINT: Improved multi precision math routines. Variable length MPINTS, leading zeroes allowed but not nescessary. Other bugfixes.
Added tests vectors for MPINT routines.


git-svn-id: svn://kolibrios.org@9070 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
hidnplayr 2021-07-20 20:14:53 +00:00
parent 774aee343f
commit 66f0a0e45d
12 changed files with 32621 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
programs/network/ssh/aes256.inc
View File

@ -635,7 +635,7 @@ endl
ret ret
endp endp
proc aes256_decrypt _key, _in, _out proc aes256_decrypt _ctx, _in, _out
locals locals
s rd 4 s rd 4
t rd 4 t rd 4
@ -646,7 +646,7 @@ endl
DEBUGF 1,'input : ' DEBUGF 1,'input : '
stdcall dump_hex, [_in], 4 stdcall dump_hex, [_in], 4
mov ebx, [_key] mov ebx, [_ctx]
mov esi, [_in] mov esi, [_in]
lea edi, [s] lea edi, [s]

114
programs/network/ssh/blowfish-cbc.inc Normal file
View File

@ -0,0 +1,114 @@
; blowfish-cbc.inc - Blowfish Cipher Block Chaining
;
; Copyright (C) 2018 Jeffrey Amelynck
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
struct blowfish_cbc_context blowfish_context
vector rb BLOWFISH_BLOCKSIZE
ends
proc blowfish_cbc_init _vector
push ebx esi edi
mcall 68, 12, sizeof.blowfish_cbc_context
; handle errors
mov ecx, BLOWFISH_BLOCKSIZE/4
mov esi, [_vector]
lea edi, [eax + blowfish_cbc_context.vector]
rep movsd
; rep movsd is slow, but we don't care while init
pop edi esi ebx
ret
endp
proc blowfish_cbc_encrypt _ctx, _in, _out
push ebx esi edi
DEBUGF 1,'plain : '
stdcall dump_hex, [_in], 4
mov edi, [_ctx]
lea edi, [edi + blowfish_cbc_context.vector]
mov esi, [_in]
repeat blowfish_BLOCKSIZE/4
lodsd
xor eax, [edi]
stosd
end repeat
mov esi, [_ctx]
lea eax, [esi + blowfish_cbc_context.pbox]
lea ebx, [esi + blowfish_cbc_context.vector]
stdcall blowfish_encrypt, eax, ebx, [_out] ; Key, in, out
mov esi, [_out]
mov eax, [_ctx]
lea edi, [eax + blowfish_cbc_context.vector]
repeat blowfish_BLOCKSIZE/4
movsd
end repeat
DEBUGF 1,'cipher : '
stdcall dump_hex, [_out], 4
pop edi esi ebx
ret
endp
proc blowfish_cbc_decrypt _ctx, _in, _out
locals
temp_iv rb BLOWFISH_BLOCKSIZE
endl
push ebx esi edi
DEBUGF 1,'cipher : '
stdcall dump_hex, [_in], 4
mov esi, [_in]
lea edi, [temp_iv]
repeat BLOWFISH_BLOCKSIZE/4
movsd
end repeat
mov esi, [_ctx]
lea eax, [esi + blowfish_cbc_context.pbox]
stdcall blowfish_decrypt, eax, [_in], [_out] ; Key, in, out
mov esi, [_ctx]
lea esi, [esi + blowfish_cbc_context.vector]
mov edi, [_out]
repeat BLOWFISH_BLOCKSIZE/4
lodsd
xor eax, [edi]
stosd
end repeat
lea esi, [temp_iv]
mov edi, [_ctx]
lea edi, [edi + blowfish_cbc_context.vector]
repeat BLOWFISH_BLOCKSIZE/4
movsd
end repeat
DEBUGF 1,'plain : '
stdcall dump_hex, [_out], 4
pop edi esi ebx
ret
endp

107
programs/network/ssh/blowfish-ctr.inc Normal file
View File

@ -0,0 +1,107 @@
; blowfish-ctr.inc - Blowfish Counter Mode
;
; Copyright (C) 2016 Ivan Baravy (dunkaist)
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
struct blowfish_ctr_context blowfish_context
counter rb BLOWFISH_BLOCKSIZE
output rb BLOWFISH_BLOCKSIZE ; counter after blowfish_crypt
ends
proc blowfish_ctr_init _counter
push ebx esi edi
mcall 68, 12, sizeof.blowfish_ctr_context
; handle errors
mov ecx, BLOWFISH_BLOCKSIZE/4
mov esi, [_counter]
lea edi, [eax + blowfish_ctr_context.counter]
rep movsd
; rep movsd is slow, but we don't care while init
pop edi esi ebx
ret
endp
proc blowfish_ctr_crypt _ctx, _in, _out
push ebx esi edi
DEBUGF 1,'plain : '
stdcall dump_hex, [_in], 4
mov esi, [_ctx]
lea eax, [esi + blowfish_ctr_context.key]
lea ebx, [esi + blowfish_ctr_context.counter]
lea ecx, [esi + blowfish_ctr_context.output]
stdcall blowfish_encrypt, eax, ebx, ecx ; Key, in, out
mov ebx, [_ctx]
mov esi, [_in]
mov edi, [_out]
mov eax, [esi + 4*0]
xor eax, dword[ebx + blowfish_ctr_context.output + 4*0]
mov [edi + 4*0], eax
mov eax, [esi + 4*1]
xor eax, dword[ebx + blowfish_ctr_context.output + 4*1]
mov [edi + 4*1], eax
mov eax, [esi + 4*2]
xor eax, dword[ebx + blowfish_ctr_context.output + 4*2]
mov [edi + 4*2], eax
mov eax, [esi + 4*3]
xor eax, dword[ebx + blowfish_ctr_context.output + 4*3]
mov [edi + 4*3], eax
; Increment counter
mov esi, [_ctx]
mov eax, dword[esi + blowfish_ctr_context.counter + 4*0]
mov ebx, dword[esi + blowfish_ctr_context.counter + 4*1]
mov ecx, dword[esi + blowfish_ctr_context.counter + 4*2]
mov edx, dword[esi + blowfish_ctr_context.counter + 4*3]
bswap eax
bswap ebx
bswap ecx
bswap edx
inc edx
adc ecx, 0
adc ebx, 0
adc eax, 0
bswap eax
bswap ebx
bswap ecx
bswap edx
mov dword[esi + blowfish_ctr_context.counter + 4*0], eax
mov dword[esi + blowfish_ctr_context.counter + 4*1], ebx
mov dword[esi + blowfish_ctr_context.counter + 4*2], ecx
mov dword[esi + blowfish_ctr_context.counter + 4*3], edx
DEBUGF 1,'cipher : '
stdcall dump_hex, [_out], 4
pop edi esi ebx
ret
endp

628
programs/network/ssh/blowfish.inc Normal file
View File

@ -0,0 +1,628 @@
;--------------------------------------------------------------------------;
; Blowfish algorithm by Echo
;--------------------------------------------------------------------------;
; Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce
; Schneier and included in a large number of cipher suites and encryption products.
;--------------------------------------------------------------------------;
; Implemented in x86 assembly using FASM
;--------------------------------------------------------------------------;
BLOWFISH_BLOCKSIZE = 8
struct blowfish_context
pbox rd 18
sbox rd 1024
ends
;--------------------------------------------------------------------------;
; blowfish_init F: Generates subkeys to be used for encryption and decryption
; @ctx_init: Pointer an allocated region of memory that will contain a crypt context
; @key: Pointer to an array of bytes to be used to encrypt or decrypt a 64-bit block of data
; @key_len: Length of @key, not to exceed 56 bytes
; Return: Nothing
;--------------------------------------------------------------------------;
proc blowfish_set_key, _ctx, _userkey, _userkey_len
push ecx
push edx
push ebx
push edi
push esi
; Write the values of the PBOX into a region allocated for the crypt context
mov edi, [_ctx]
mov esi, blowfish_fixed_p
mov ecx, 18
rep movsd
; Write the values of the SBOX into that context
mov esi, blowfish_fixed_s
mov ecx, 1024
rep movsd
xor ecx, ecx
xor eax, eax
.init_subkey_generation:
xor edx, edx
xor ebx, ebx
.init_subkey_generation2:
; Check to make sure the index offset doesn't go out of bounds
cmp [_userkey_len], eax
jne .dont_reset_index
xor eax, eax
.dont_reset_index:
mov esi, [_userkey]
; Create an element so that, the element is bitwise shifted left by 8 bits and bitwise or'd with @key at the current offset
mov esi, [esi + eax]
and esi, 0xFF
shl ebx, 8
or ebx, esi
inc eax
inc edx
cmp edx, 4
jne .init_subkey_generation2
; Bitwise xor every integar in the pbox of the crypt context with previous result
mov esi, [_ctx]
xor dword [esi + ecx * 4], ebx
inc ecx
cmp ecx, 18
jne .init_subkey_generation
xor ebx, ebx
xor eax, eax
xor edx, edx
.init_permutations:
; Store two 32-bit unsigned integars on the stack and pass their stack location to blowfish_encrypt_block
push edx
push eax
mov esi, esp
add esi, 4
push esi
sub esi, 4
push esi
push [_ctx]
call blowfish_encrypt
pop eax
pop edx
; Move the upper 32 bits of the result from the above call to blowfish_encrypt_block into every other element in the PBOX of the crypt context
mov esi, [_ctx]
mov [esi + ebx * 4], eax
; Same prodecure here except use the lower 32 bits
inc ebx
mov dword [esi + ebx * 4], edx
inc ebx
cmp ebx, 18
jne .init_permutations
xor ebx, ebx
.init_substitution_box:
xor ecx, ecx
.init_substitution_box2:
; Store two 32-bit unsigned integars on the stack and pass their stack location to blowfish_encrypt_block
push edx
push eax
mov esi, esp
add esi, 4
push esi
sub esi, 4
push esi
push [_ctx]
call blowfish_encrypt
pop eax
pop edx
; Find the correct address of the required element in the SBOX of the crypt context
mov esi, [_ctx]
lea esi, [esi + 72 + ecx * 4]
push eax
mov eax, ebx
push ecx
mov ecx, 1024
push edx
mul ecx
pop edx
pop ecx
add esi, eax
pop eax
; Move the upper 32-bit result from the previous call to blowfish_encrypt_block into the SBOX of the crypt context, offset by the previous result
mov [esi], eax
; Same procedure here except, use the lower 32-bit result for every other element in the SBOX of the crypt context
mov [esi + 4], edx
inc ecx
inc ecx
cmp ecx, 256
jne .init_substitution_box2
inc ebx
cmp ebx, 4
jne .init_substitution_box
pop esi
pop edi
pop ebx
pop edx
pop ecx
ret
endp
;--------------------------------------------------------------------------;
; Procedure F: Seperates @x into four 8-bit quarters
; @ctx_F: Pointer to crypt context to be used
; @x: 32-bit unsigned integar to be used
; Return: Divided value of @x
;--------------------------------------------------------------------------;
proc blowfish_f, _ctx, x
push edx
push ecx
mov edx, [x]
shr edx, 24
and edx, 0xFF
mov ecx, [x]
shr ecx, 16
and ecx, 0xFF
; Get an unsigned integar from the first 256 integers in the SBOX in relation to the upper 8 bits of @x
mov eax, [_ctx]
mov eax, [eax + edx * 4 + 0x48]
; Do the same here but take the lower 8 bits of the high word and add the two together
mov edx, [_ctx]
add eax, [edx + ecx * 4 + 0x448]
mov edx, [x]
shr edx, 8
and edx, 0xFF
; Same procedure except, use the upper 8 bits of the low word and xor with the previous value
mov ecx, [_ctx]
xor eax, [ecx + edx * 4 + 0x848]
; Same procedure except, use the lower 8 bits of the low word and add to the previous value
mov edx, [x]
and edx, 0xFF
add eax, [ecx + edx * 4 + 0xC48]
pop ecx
pop edx
ret
endp
proc blowfish_encrypt, _ctx, _in, _out
locals
low_encrypt dd ?
high_encrypt dd ?
endl
push ecx edx esi edi
mov esi, [_in]
mov edi, [_out]
mov [low_encrypt], edi
movsd
mov [low_encrypt], edi
movsd
; Begin 16 round encyption on 64 bit element
xor ecx, ecx
.loop_encrypt:
; Bitwise xor @high_encrypt with every PBOX in the given crypt context
mov eax, [_ctx]
mov eax, [eax + ecx * 4]
mov edx, [high_encrypt]
xor dword[edx], eax
; Bitwise xor @low_encrypt with the value returned by F using @high_encrypt
push dword[edx]
push [_ctx]
call blowfish_f
mov edx, [low_encrypt]
xor dword[edx], eax
; Swap upper and lower 32 bits
push dword[edx]
mov eax, [high_encrypt]
mov eax, [eax]
mov dword[edx], eax
pop edx
mov eax, [high_encrypt]
mov dword[eax], edx
inc ecx
cmp ecx, 16
jne .loop_encrypt
; Swap upper and lower 32 bits again
mov edx, [low_encrypt]
push dword[edx]
mov eax, [high_encrypt]
mov eax, [eax]
mov dword[edx], eax
pop edx
mov eax, [high_encrypt]
mov dword[eax], edx
; Bitwise xor @low_encrypt with the value of the second to last PBOX in the given crypt context
mov eax, [low_encrypt]
mov edx, [_ctx]
mov edx, [edx + 64]
xor dword[eax], edx
; Bitwise xor @high_encrypt with the value of the last PBOX in the given crypt context
mov eax, [high_encrypt]
mov edx, [_ctx]
mov edx, [edx + 68]
xor dword[eax], edx
pop edi esi edx ecx
ret
endp
proc blowfish_decrypt, _ctx, _in, _out
locals
low_decrypt dd ?
high_decrypt dd ?
endl
push ecx edx esi edi
mov esi, [_in]
mov edi, [_out]
mov [low_decrypt], edi
movsd
mov [low_decrypt], edi
movsd
; Begin 16 round encyption on 64 bit element
mov ecx, 16
.loop_encrypt:
; Bitwise xor @high_encrypt with every PBOX in the given crypt context
mov eax, [_ctx]
mov eax, [eax + ecx * 4]
mov edx, [high_decrypt]
xor dword[edx], eax
; Bitwise xor @low_encrypt with the value returned by F using @high_encrypt
push dword[edx]
push [_ctx]
call F
mov edx, [low_decrypt]
xor dword[edx], eax
; Swap upper and lower 32 bits
push dword[edx]
mov eax, [high_decrypt]
mov eax, [eax]
mov dword[edx], eax
pop edx
mov eax, [high_decrypt]
mov dword[eax], edx
dec ecx
jnz .loop_encrypt
; Swap upper and lower 32 bits again
mov edx, [low_decrypt]
push dword[edx]
mov eax, [high_decrypt]
mov eax, [eax]
mov dword[edx], eax
pop edx
mov eax, [high_decrypt]
mov dword[eax], edx
; Bitwise xor @low_encrypt with the value of the second PBOX in the given crypt context
mov eax, [low_decrypt]
mov edx, [_ctx]
mov edx, [edx + 4]
xor dword[eax], edx
; Bitwise xor @high_encrypt with the value of the first PBOX in the given crypt context
mov eax, [high_decrypt]
mov edx, [_ctx]
mov edx, [edx + 0]
xor dword[eax], edx
pop edi esi edx ecx
ret
endp
;--------------------------------------------------------------------------;
; Following tables are used for key generation
;--------------------------------------------------------------------------;
iglobal
blowfish_fixed_p dd \
0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, \
0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89, \
0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C, \
0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, \
0x9216D5D9, 0x8979FB1B
blowfish_fixed_s dd \
0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7,\
0xB8E1AFED, 0x6A267E96, 0xBA7C9045, 0xF12C7F99, \
0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16, \
0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, \
0x0D95748F, 0x728EB658, 0x718BCD58, 0x82154AEE, \
0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013, \
0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, \
0x8E79DCB0, 0x603A180E, 0x6C9E0E8B, 0xB01E8A3E, \
0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60, \
0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, \
0x55CA396A, 0x2AAB10B6, 0xB4CC5C34, 0x1141E8CE, \
0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A, \
0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, \
0xAFD6BA33, 0x6C24CF5C, 0x7A325381, 0x28958677, \
0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193, \
0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, \
0xEF845D5D, 0xE98575B1, 0xDC262302, 0xEB651B88, \
0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239, \
0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, \
0x21C66842, 0xF6E96C9A, 0x670C9C61, 0xABD388F0, \
0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3, \
0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, \
0xA1F1651D, 0x39AF0176, 0x66CA593E, 0x82430E88, \
0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE, \
0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, \
0x4ED3AA62, 0x363F7706, 0x1BFEDF72, 0x429B023D, \
0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B, \
0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, \
0xE3FE501A, 0xB6794C3B, 0x976CE0BD, 0x04C006BA, \
0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463, \
0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, \
0x6DFC511F, 0x9B30952C, 0xCC814544, 0xAF5EBD09, \
0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3, \
0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, \
0x5579C0BD, 0x1A60320A, 0xD6A100C6, 0x402C7279, \
0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8, \
0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, \
0x323DB5FA, 0xFD238760, 0x53317B48, 0x3E00DF82, \
0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB, \
0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, \
0x695B27B0, 0xBBCA58C8, 0xE1FFA35D, 0xB8F011A0, \
0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B, \
0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, \
0xE1DDF2DA, 0xA4CB7E33, 0x62FB1341, 0xCEE4C6E8, \
0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4, \
0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, \
0xD08ED1D0, 0xAFC725E0, 0x8E3C5B2F, 0x8E7594B7, \
0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C, \
0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, \
0x2F2F2218, 0xBE0E1777, 0xEA752DFE, 0x8B021FA1, \
0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299, \
0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, \
0x165FA266, 0x80957705, 0x93CC7314, 0x211A1477, \
0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF, \
0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, \
0x00250E2D, 0x2071B35E, 0x226800BB, 0x57B8E0AF, \
0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA, \
0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, \
0x83260376, 0x6295CFA9, 0x11C81968, 0x4E734A41, \
0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915, \
0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, \
0x08BA6FB5, 0x571BE91F, 0xF296EC6B, 0x2A0DD915, \
0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664, \
0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A, \
0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, \
0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266, \
0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1, \
0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, \
0x3F54989A, 0x5B429D65, 0x6B8FE4D6, 0x99F73FD6, \
0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1, \
0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, \
0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1, \
0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737, \
0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, \
0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF, \
0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD, \
0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, \
0x3AE5E581, 0x37C2DADC, 0xC8B57634, 0x9AF3DDA7, \
0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41, \
0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, \
0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF, \
0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF, \
0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, \
0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87, \
0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C, \
0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, \
0xEF1C1847, 0x3215D908, 0xDD433B37, 0x24C2BA16, \
0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD, \
0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, \
0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509, \
0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E, \
0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, \
0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F, \
0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A, \
0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, \
0xF2F74EA7, 0x361D2B3D, 0x1939260F, 0x19C27960, \
0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66, \
0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, \
0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802, \
0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84, \
0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, \
0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF, \
0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14, \
0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, \
0x648B1EAF, 0x19BDF0CA, 0xA02369B9, 0x655ABB50, \
0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7, \
0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, \
0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281, \
0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99, \
0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, \
0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128, \
0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73, \
0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, \
0x45EEE2B6, 0xA3AAABEA, 0xDB6C4F15, 0xFACB4FD0, \
0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105, \
0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, \
0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3, \
0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285, \
0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, \
0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061, \
0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB, \
0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, \
0xA6078084, 0x19F8509E, 0xE8EFD855, 0x61D99735, \
0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC, \
0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, \
0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340, \
0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20, \
0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7, \
0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, \
0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068, \
0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF, \
0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, \
0x4D95FC1D, 0x96B591AF, 0x70F4DDD3, 0x66A02F45, \
0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504, \
0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, \
0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB, \
0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE, \
0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, \
0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42, \
0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B, \
0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, \
0x3A6EFA74, 0xDD5B4332, 0x6841E7F7, 0xCA7820FB, \
0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527, \
0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, \
0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33, \
0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C, \
0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, \
0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC, \
0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17, \
0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, \
0x257B7834, 0x602A9C60, 0xDFF8E8A3, 0x1F636C1B, \
0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115, \
0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, \
0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728, \
0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0, \
0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, \
0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37, \
0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D, \
0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, \
0xF1290DC7, 0xCC00FFA3, 0xB5390F92, 0x690FED0B, \
0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3, \
0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, \
0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D, \
0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C, \
0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, \
0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9, \
0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A, \
0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, \
0x9DBC8057, 0xF0F7C086, 0x60787BF8, 0x6003604D, \
0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC, \
0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, \
0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61, \
0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2, \
0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, \
0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2, \
0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C, \
0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, \
0xB77F19B6, 0xE0A9DC09, 0x662D09A1, 0xC4324633, \
0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10, \
0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, \
0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52, \
0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027, \
0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, \
0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62, \
0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634, \
0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, \
0x6F05E409, 0x4B7C0188, 0x39720A3D, 0x7C927C24, \
0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC, \
0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, \
0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C, \
0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837, \
0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0, \
0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, \
0x5CB0679E, 0x4FA33742, 0xD3822740, 0x99BC9BBE, \
0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B, \
0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, \
0x5748AB2F, 0xBC946E79, 0xC6A376D2, 0x6549C2C8, \
0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6, \
0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, \
0xA1FAD5F0, 0x6A2D519A, 0x63EF8CE2, 0x9A86EE22, \
0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4, \
0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, \
0x2826A2F9, 0xA73A3AE1, 0x4BA99586, 0xEF5562E9, \
0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59, \
0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, \
0xE990FD5A, 0x9E34D797, 0x2CF0B7D9, 0x022B8B51, \
0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28, \
0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, \
0xE029AC71, 0xE019A5E6, 0x47B0ACFD, 0xED93FA9B, \
0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28, \
0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, \
0x15056DD4, 0x88F46DBA, 0x03A16125, 0x0564F0BD, \
0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A, \
0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, \
0x7533D928, 0xB155FDF5, 0x03563482, 0x8ABA3CBB, \
0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F, \
0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, \
0xEA7A90C2, 0xFB3E7BCE, 0x5121CE64, 0x774FBE32, \
0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680, \
0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, \
0xB39A460A, 0x6445C0DD, 0x586CDECF, 0x1C20C8AE, \
0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB, \
0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, \
0x72EACEA8, 0xFA6484BB, 0x8D6612AE, 0xBF3C6F47, \
0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370, \
0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, \
0x4040CB08, 0x4EB4E2CC, 0x34D2466A, 0x0115AF84, \
0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048, \
0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, \
0x611560B1, 0xE7933FDC, 0xBB3A792B, 0x344525BD, \
0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9, \
0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, \
0x1A908749, 0xD44FBD9A, 0xD0DADECB, 0xD50ADA38, \
0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F, \
0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, \
0xBF97222C, 0x15E6FC2A, 0x0F91FC71, 0x9B941525, \
0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1, \
0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, \
0xE0EC6E0E, 0x1698DB3B, 0x4C98A0BE, 0x3278E964, \
0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E, \
0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, \
0xDF359F8D, 0x9B992F2E, 0xE60B6F47, 0x0FE3F11D, \
0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F, \
0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, \
0xF523F357, 0xA6327623, 0x93A83531, 0x56CCCD02, \
0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC, \
0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, \
0xE6C6C7BD, 0x327A140A, 0x45E1D006, 0xC3F27B9A, \
0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6, \
0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, \
0x53113EC0, 0x1640E3D3, 0x38ABBD60, 0x2547ADF0, \
0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060, \
0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, \
0x1948C25C, 0x02FB8A8C, 0x01C36AE4, 0xD6EBE1F9, \
0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F, \
0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6
endg

72
programs/network/ssh/dh_gex.inc
View File

@ -1,6 +1,6 @@
; dh_gex.inc - Diffie Hellman Group exchange ; dh_gex.inc - Diffie Hellman Group exchange
; ;
; Copyright (C) 2015-2016 Jeffrey Amelynck ; Copyright (C) 2015-2021 Jeffrey Amelynck
; ;
; This program is free software: you can redistribute it and/or modify ; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by ; it under the terms of the GNU General Public License as published by
@ -22,6 +22,10 @@
proc dh_gex proc dh_gex
locals
dh_f_big dd ?
endl
;---------------------------------------------- ;----------------------------------------------
; >> Send Diffie-Hellman Group Exchange Request ; >> Send Diffie-Hellman Group Exchange Request
@ -42,14 +46,16 @@ proc dh_gex
DEBUGF 2, "Received GEX group\n" DEBUGF 2, "Received GEX group\n"
mov esi, con.rx_buffer+sizeof.ssh_packet_header mov esi, con.rx_buffer+sizeof.ssh_packet_header
mov edi, con.dh_p
DEBUGF 1, "DH modulus (p): " DEBUGF 1, "DH modulus (p): "
call mpint_to_little_endian stdcall mpint_to_little_endian, con.dh_p, esi
add esi, 4
add esi, eax
stdcall mpint_print, con.dh_p stdcall mpint_print, con.dh_p
DEBUGF 1, "DH base (g): " DEBUGF 1, "DH base (g): "
mov edi, con.dh_g stdcall mpint_to_little_endian, con.dh_g, esi
call mpint_to_little_endian add esi, 4
add esi, eax
stdcall mpint_print, con.dh_g stdcall mpint_print, con.dh_g
;------------------------------------------- ;-------------------------------------------
@ -74,18 +80,12 @@ proc dh_gex
inc dword[con.dh_x] inc dword[con.dh_x]
@@: @@:
; Fill remaining bytes with zeros ; TO BE REMOVED ?
if ((MAX_BITS-DH_PRIVATE_KEY_SIZE) > 0)
mov ecx, (MAX_BITS-DH_PRIVATE_KEY_SIZE)/8/4
xor eax, eax
rep stosd
end if
DEBUGF 1, "DH x: " DEBUGF 1, "DH x: "
stdcall mpint_print, con.dh_x stdcall mpint_print, con.dh_x
; Compute e = g^x mod p ; Compute e = g^x mod p
stdcall mpint_modexp, con.dh_e, con.dh_g, con.dh_x, con.dh_p stdcall mpint_modexp, con.dh_e, con.dh_g, con.dh_x, con.dh_p
stdcall mpint_shrink, con.dh_e
DEBUGF 1, "DH e: " DEBUGF 1, "DH e: "
stdcall mpint_print, con.dh_e stdcall mpint_print, con.dh_e
@ -94,8 +94,7 @@ end if
mov edi, con.tx_buffer.message_code mov edi, con.tx_buffer.message_code
mov al, SSH_MSG_KEX_DH_GEX_INIT mov al, SSH_MSG_KEX_DH_GEX_INIT
stosb stosb
mov esi, con.dh_e stdcall mpint_to_big_endian, edi, con.dh_e
call mpint_to_big_endian
DEBUGF 2, "Sending GEX init\n" DEBUGF 2, "Sending GEX init\n"
mov ecx, dword[con.tx_buffer.message_code+1] mov ecx, dword[con.tx_buffer.message_code+1]
@ -124,7 +123,7 @@ end if
bswap edx bswap edx
add edx, 4 add edx, 4
lea ebx, [esi+edx] lea ebx, [esi+edx]
push ebx mov [dh_f_big], ebx
invoke sha256_update, con.temp_ctx, esi, edx invoke sha256_update, con.temp_ctx, esi, edx
;-------------------------------------------------------------------------- ;--------------------------------------------------------------------------
@ -135,17 +134,15 @@ end if
;---------------------------- ;----------------------------
; HASH: mpint p, safe prime ; HASH: mpint p, safe prime
mov esi, con.dh_p stdcall mpint_shrink, con.dh_p
mov edi, con.mpint_tmp stdcall mpint_to_big_endian, con.mpint_tmp, con.dh_p
call mpint_to_big_endian
lea edx, [eax+4] lea edx, [eax+4]
invoke sha256_update, con.temp_ctx, con.mpint_tmp, edx invoke sha256_update, con.temp_ctx, con.mpint_tmp, edx
;---------------------------------------- ;----------------------------------------
; HASH: mpint g, generator for subgroup ; HASH: mpint g, generator for subgroup
mov esi, con.dh_g stdcall mpint_shrink, con.dh_g
mov edi, con.mpint_tmp stdcall mpint_to_big_endian, con.mpint_tmp, con.dh_g
call mpint_to_big_endian
lea edx, [eax+4] lea edx, [eax+4]
invoke sha256_update, con.temp_ctx, con.mpint_tmp, edx invoke sha256_update, con.temp_ctx, con.mpint_tmp, edx
@ -159,36 +156,33 @@ end if
;--------------------------------------------------- ;---------------------------------------------------
; HASH: mpint f, exchange value sent by the server ; HASH: mpint f, exchange value sent by the server
mov esi, [esp] mov esi, [dh_f_big]
mov edx, [esi] mov edx, [esi]
bswap edx bswap edx
add edx, 4 add edx, 4
invoke sha256_update, con.temp_ctx, esi, edx invoke sha256_update, con.temp_ctx, esi, edx
pop esi
mov edi, con.dh_f
call mpint_to_little_endian
stdcall mpint_to_little_endian, con.dh_f, [dh_f_big]
mov esi, [dh_f_big]
add esi, eax
add esi, 4
DEBUGF 1, "DH f: " DEBUGF 1, "DH f: "
stdcall mpint_print, con.dh_f stdcall mpint_print, con.dh_f
mov edi, con.dh_signature stdcall mpint_to_little_endian, con.dh_signature, esi
call mpint_to_little_endian
DEBUGF 1, "DH signature: " DEBUGF 1, "DH signature: "
stdcall mpint_print, con.dh_signature stdcall mpint_print, con.dh_signature
;-------------------------------------- ;--------------------------------------
; Calculate shared secret K = f^x mod p ; Calculate shared secret K = f^x mod p
stdcall mpint_modexp, con.rx_buffer, con.dh_f, con.dh_x, con.dh_p stdcall mpint_modexp, con.rx_buffer, con.dh_f, con.dh_x, con.dh_p
stdcall mpint_shrink, con.rx_buffer
DEBUGF 1, "DH K: " DEBUGF 1, "DH K: "
stdcall mpint_print, con.rx_buffer stdcall mpint_print, con.rx_buffer
; We always need it in big endian order, so store it as such. ; We always need it in big endian order, so store it as such.
mov edi, con.dh_K stdcall mpint_to_big_endian, con.dh_K, con.rx_buffer
mov esi, con.rx_buffer
call mpint_to_big_endian
mov [con.dh_K_length], eax mov [con.dh_K_length], eax
;----------------------------------- ;-----------------------------------
@ -231,7 +225,7 @@ end if
mov esi, con.k_h_ctx mov esi, con.k_h_ctx
mov edi, con.temp_ctx mov edi, con.temp_ctx
mov ecx, sizeof.crash_ctx mov ecx, sizeof.crash_ctx/4
rep movsd rep movsd
mov [con.session_id_prefix], 'A' mov [con.session_id_prefix], 'A'
invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
@ -250,7 +244,7 @@ end if
mov esi, con.k_h_ctx mov esi, con.k_h_ctx
mov edi, con.temp_ctx mov edi, con.temp_ctx
mov ecx, sizeof.crash_ctx/4 mov ecx, sizeof.crash_ctx/4
rep movsd rep movsd
inc [con.session_id_prefix] inc [con.session_id_prefix]
invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
invoke sha256_final, con.temp_ctx invoke sha256_final, con.temp_ctx
@ -267,8 +261,8 @@ end if
mov esi, con.k_h_ctx mov esi, con.k_h_ctx
mov edi, con.temp_ctx mov edi, con.temp_ctx
mov ecx, sizeof.crash_ctx mov ecx, sizeof.crash_ctx/4
rep movsd rep movsd
inc [con.session_id_prefix] inc [con.session_id_prefix]
invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
invoke sha256_final, con.temp_ctx invoke sha256_final, con.temp_ctx
@ -286,7 +280,7 @@ end if
mov esi, con.k_h_ctx mov esi, con.k_h_ctx
mov edi, con.temp_ctx mov edi, con.temp_ctx
mov ecx, sizeof.crash_ctx/4 mov ecx, sizeof.crash_ctx/4
rep movsd rep movsd
inc [con.session_id_prefix] inc [con.session_id_prefix]
invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
invoke sha256_final, con.temp_ctx invoke sha256_final, con.temp_ctx
@ -304,7 +298,7 @@ end if
mov esi, con.k_h_ctx mov esi, con.k_h_ctx
mov edi, con.temp_ctx mov edi, con.temp_ctx
mov ecx, sizeof.crash_ctx/4 mov ecx, sizeof.crash_ctx/4
rep movsd rep movsd
inc [con.session_id_prefix] inc [con.session_id_prefix]
invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
invoke sha256_final, con.temp_ctx invoke sha256_final, con.temp_ctx
@ -322,7 +316,7 @@ end if
mov esi, con.k_h_ctx mov esi, con.k_h_ctx
mov edi, con.temp_ctx mov edi, con.temp_ctx
mov ecx, sizeof.crash_ctx/4 mov ecx, sizeof.crash_ctx/4
rep movsd rep movsd
inc [con.session_id_prefix] inc [con.session_id_prefix]
invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1 invoke sha256_update, con.temp_ctx, con.session_id_prefix, 32+1
invoke sha256_final, con.temp_ctx invoke sha256_final, con.temp_ctx

419
programs/network/ssh/mpint.inc
View File

@ -1,6 +1,6 @@
; mpint.inc - Multi precision integer procedures ; mpint.inc - Multi precision integer procedures
; ;
; Copyright (C) 2015-2017 Jeffrey Amelynck ; Copyright (C) 2015-2021 Jeffrey Amelynck
; ;
; This program is free software: you can redistribute it and/or modify ; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by ; it under the terms of the GNU General Public License as published by
@ -19,7 +19,6 @@
; ;
; These procedures work only with positive integers. ; These procedures work only with positive integers.
; For compatibility reasons, the highest bit must always be 0. ; For compatibility reasons, the highest bit must always be 0.
; However, leading 0 bytes MUST at all other times be omitted.
; ;
; You have been warned! ; You have been warned!
@ -27,16 +26,18 @@ MPINT_MAX_LEN = MAX_BITS/8
;;===========================================================================;; ;;===========================================================================;;
proc mpint_to_little_endian uses esi edi ecx ;///////////////////////////////;; proc mpint_to_little_endian uses esi edi ecx, dst, src ;/////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Convert big endian MPINT to little endian MPINT. ;; ;? Convert big endian MPINT to little endian MPINT. ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> esi = pointer to big endian MPINT ;; ;> src = pointer to big endian MPINT ;;
;> edi = pointer to buffer for little endian MPINT ;; ;> dst = pointer to buffer for little endian MPINT ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;< eax = MPINT number length ;; ;< eax = MPINT number length ;;
;;===========================================================================;; ;;===========================================================================;;
mov esi, [src]
mov edi, [dst]
; Load length dword ; Load length dword
lodsd lodsd
; Convert to little endian ; Convert to little endian
@ -47,7 +48,6 @@ proc mpint_to_little_endian uses esi edi ecx ;///////////////////////////////;;
; Copy data, convert to little endian meanwhile ; Copy data, convert to little endian meanwhile
push eax push eax
add esi, eax add esi, eax
push esi
dec esi dec esi
mov ecx, eax mov ecx, eax
std std
@ -57,24 +57,27 @@ proc mpint_to_little_endian uses esi edi ecx ;///////////////////////////////;;
inc edi inc edi
dec ecx dec ecx
jnz @r jnz @r
cld cld
pop esi eax pop eax
.zero: .zero:
ret ret
endp endp
;;===========================================================================;; ;;===========================================================================;;
proc mpint_to_big_endian uses esi edi ecx ;//////////////////////////////////;; proc mpint_to_big_endian uses esi edi ecx, dst, src ;////////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Convert little endian MPINT to big endian MPINT. ;; ;? Convert little endian MPINT to big endian MPINT. ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> esi = pointer to little endian MPINT ;; ;> src = pointer to little endian MPINT ;;
;> edi = pointer to buffer for big endian MPINT ;; ;> dst = pointer to buffer for big endian MPINT ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;< eax = MPINT number length ;; ;< eax = MPINT number length ;;
;;===========================================================================;; ;;===========================================================================;;
mov esi, [src]
mov edi, [dst]
; Load length dword ; Load length dword
lodsd lodsd
test eax, eax test eax, eax
@ -138,37 +141,80 @@ proc mpint_print uses ecx esi eax, src ;/////////////////////////////////////;;
endp endp
;;===========================================================================;; ;;===========================================================================;;
proc mpint_hob uses edi ecx eax, dst ;///////////////////////////////////////;; proc mpint_bits uses esi ecx, dst ;//////////////////////////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Return an index number giving the position of the highest order bit. ;; ;? Count the number of bits in the MPINT ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> src = pointer to little endian MPINT ;; ;> dst = pointer to little endian MPINT ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;< eax = highest order bit number ;; ;< eax = highest order bit number + 1 ;;
;;===========================================================================;; ;;===========================================================================;;
mov edi, [dst] DEBUGF 1, "mpint_bits(0x%x): ", [dst]
lodsd
dec eax ; total length minus one
mov cl, [edi+eax] ; load the highest order byte
shl eax, 3 ; multiply eax by 8 to get nr of bits
mov esi, [dst]
mov eax, [esi]
test eax, eax
jz .zero
add esi, 4-1
; Find highest order byte
.byteloop:
cmp byte[esi+eax], 0
jne .nz
dec eax
jnz .byteloop
.zero:
DEBUGF 1, "%u\n", eax
ret
.nz:
mov cl, byte[esi+eax]
; multiply (eax - 1) by 8 to get nr of bits before this byte
dec eax
shl eax, 3
; Now shift bits of the highest order byte right, until the byte reaches zero, counting bits meanwhile ; Now shift bits of the highest order byte right, until the byte reaches zero, counting bits meanwhile
test cl, cl .bitloop:
jz .end
@@:
inc eax inc eax
shr cl, 1 shr cl, 1
jnz @r jnz .bitloop
.end: DEBUGF 1, "%u\n", eax
ret
endp
;;===========================================================================;;
proc mpint_bytes uses esi, dst ;/////////////////////////////////////////////;;
;;---------------------------------------------------------------------------;;
;? Count the number of bytes in the MPINT ;;
;;---------------------------------------------------------------------------;;
;> dst = pointer to little endian MPINT ;;
;;---------------------------------------------------------------------------;;
;< eax = highest order byte number + 1 ;;
;;===========================================================================;;
DEBUGF 1, "mpint_bytes(0x%x): ", [dst]
mov esi, [dst]
mov eax, [esi]
test eax, eax
jz .done
add esi, 4-1
; Find highest order byte
.byteloop:
cmp byte[esi+eax], 0
jne .done
dec eax
jnz .byteloop
.done:
DEBUGF 1, "%u\n", eax
ret ret
endp endp
;;===========================================================================;; ;;===========================================================================;;
proc mpint_cmp uses esi edi ecx eax, dst, src ;//////////////////////////////;; proc mpint_cmp uses esi edi ecx eax, src, dst ;//////////////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Compare two mpints. ;; ;? Compare two MPINTS. ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> dst = pointer to little endian MPINT ;; ;> dst = pointer to little endian MPINT ;;
;> src = pointer to little endian MPINT ;; ;> src = pointer to little endian MPINT ;;
@ -176,27 +222,38 @@ proc mpint_cmp uses esi edi ecx eax, dst, src ;//////////////////////////////;;
;< flags are set as for single precision CMP instruction ;; ;< flags are set as for single precision CMP instruction ;;
;;===========================================================================;; ;;===========================================================================;;
; First, check if number of significant bytes is the same DEBUGF 1, "mpint_cmp(0x%x, 0x%x)\n", [dst], [src]
; If not, number with more bytes is bigger
; First, check the size of both numbers
stdcall mpint_bytes, [dst]
mov ecx, eax
stdcall mpint_bytes, [src]
; If one number has more bytes, it is bigger
cmp eax, ecx
jne .got_answer
; If both numbers have 0 bytes, they are equal
test ecx, ecx
jz .got_answer
; Numbers have equal amount of bytes
; Start comparing from the MSB towards the LSB
mov esi, [src] mov esi, [src]
mov edi, [dst] mov edi, [dst]
mov ecx, [esi]
cmp ecx, [edi]
jne .got_answer
; Numbers have equal amount of bytes, compare starting from the high order byte
add edi, ecx
add esi, ecx add esi, ecx
add edi, ecx
add esi, 4
add edi, 4
std std
; If remaining bytes is not divisible by 4, compare only one byte at a time
.do_byte: .do_byte:
test ecx, 11b test ecx, 1b
jz .do_dword jz .do_dword
dec esi dec esi
dec edi dec edi
cmpsb mov al, byte[esi]
cmp al, byte[edi]
jne .got_answer jne .got_answer
dec ecx dec ecx
jmp .do_byte ; Remaining bytes is divisable by 4, compare dwords
.do_dword: .do_dword:
shr ecx, 2 shr ecx, 2
jz .got_answer jz .got_answer
@ -212,7 +269,7 @@ endp
;;===========================================================================;; ;;===========================================================================;;
proc mpint_mov uses esi edi ecx, dst, src ;//////////////////////////////////;; proc mpint_mov uses esi edi ecx, dst, src ;//////////////////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Copy mpint. ;; ;? Copy MPINT. ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> dst = pointer to buffer for little endian MPINT ;; ;> dst = pointer to buffer for little endian MPINT ;;
;> src = pointer to little endian MPINT ;; ;> src = pointer to little endian MPINT ;;
@ -220,6 +277,8 @@ proc mpint_mov uses esi edi ecx, dst, src ;//////////////////////////////////;;
;< dst = src ;; ;< dst = src ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_mov(0x%x, 0x%x)\n", [dst], [src]
mov esi, [src] mov esi, [src]
mov edi, [dst] mov edi, [dst]
mov ecx, [esi] mov ecx, [esi]
@ -247,6 +306,8 @@ proc mpint_shl1 uses esi ecx, dst ;//////////////////////////////////////////;;
;< dst = dst SHL 1 ;; ;< dst = dst SHL 1 ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_shl1(0x%x)\n", [dst]
mov esi, [dst] mov esi, [dst]
mov ecx, [esi] mov ecx, [esi]
test ecx, ecx test ecx, ecx
@ -288,24 +349,20 @@ proc mpint_shr1 uses edi ecx, dst ;//////////////////////////////////////////;;
;< dst = dst SHR 1 ;; ;< dst = dst SHR 1 ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_shr1(0x%x)\n", [dst]
mov edi, [dst] mov edi, [dst]
mov ecx, [edi] mov ecx, [edi]
test ecx, ecx test ecx, ecx
jz .done jz .done
; Do the highest order byte first ; Do the highest order byte first
add edi, 4-1
add edi, ecx
shr byte[edi], 1
dec ecx dec ecx
shr byte[edi+ecx+3], 1
; Was it 0? If so, we must decrement total length
jnz @f
jc @f
mov [edi], ecx
@@:
test ecx, ecx
jz .done jz .done
; Now do the trailing bytes ; Now do the trailing bytes
add edi, 4
add edi, ecx
@@: @@:
dec edi dec edi
rcr byte[edi], 1 rcr byte[edi], 1
@ -327,11 +384,20 @@ proc mpint_shl uses eax ebx ecx edx esi edi, dst, shift ;////////////////////;;
;< - ;; ;< - ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_shl(0x%x, %u)\n", [dst], [shift]
; Calculate new size
stdcall mpint_bits, [dst]
add eax, [shift]
shr eax, 3
cmp eax, MPINT_MAX_LEN
jae .overflow ;;
inc eax
mov esi, [dst]
mov [esi], eax
mov ecx, [shift] mov ecx, [shift]
shr ecx, 3 ; 8 bits in one byte shr ecx, 3 ; 8 bits in one byte
cmp ecx, MPINT_MAX_LEN
jge .zero
mov esi, [dst]
add esi, MPINT_MAX_LEN+4-4 add esi, MPINT_MAX_LEN+4-4
mov edi, esi mov edi, esi
and ecx, not 11b and ecx, not 11b
@ -354,7 +420,7 @@ proc mpint_shl uses eax ebx ecx edx esi edi, dst, shift ;////////////////////;;
shl eax, cl shl eax, cl
stosd stosd
; fill the lsb bytes with zeros ; fill the LSBs with zeros
pop ecx pop ecx
test ecx, ecx test ecx, ecx
jz @f jz @f
@ -369,6 +435,10 @@ proc mpint_shl uses eax ebx ecx edx esi edi, dst, shift ;////////////////////;;
mov dword[eax], 0 mov dword[eax], 0
ret ret
.overflow:
int3
ret
endp endp
;;===========================================================================;; ;;===========================================================================;;
@ -383,14 +453,25 @@ proc mpint_shlmov uses eax ebx ecx edx esi edi, dst, src, shift ;////////////;;
;< dst = src SHL shift ;; ;< dst = src SHL shift ;;
;;===========================================================================;; ;;===========================================================================;;
mov ecx, [shift] DEBUGF 1, "mpint_shlmov(0x%x, 0x%x, %u)\n", [dst], [src], [shift]
shr ecx, 3 ; 8 bits in one byte
cmp ecx, MPINT_MAX_LEN stdcall mpint_bits, [src]
jge .zero test eax, eax
jz .zero
add eax, [shift]
shr eax, 3
inc eax
mov edi, [dst]
mov [edi], eax
cmp eax, MPINT_MAX_LEN
jae .overflow ;;;;
mov esi, [src] mov esi, [src]
add esi, MPINT_MAX_LEN+4-4 add esi, MPINT_MAX_LEN+4-4
mov edi, [dst]
add edi, MPINT_MAX_LEN+4-4 add edi, MPINT_MAX_LEN+4-4
mov ecx, [shift]
shr ecx, 3 ; 8 bits in one byte
and ecx, not 11b and ecx, not 11b
sub esi, ecx sub esi, ecx
mov edx, MPINT_MAX_LEN/4-1 mov edx, MPINT_MAX_LEN/4-1
@ -426,6 +507,10 @@ proc mpint_shlmov uses eax ebx ecx edx esi edi, dst, src, shift ;////////////;;
mov dword[eax], 0 mov dword[eax], 0
ret ret
.overflow:
int3
ret
endp endp
;;===========================================================================;; ;;===========================================================================;;
@ -439,19 +524,21 @@ proc mpint_add uses esi edi ecx eax, dst, src ;//////////////////////////////;;
;< dst = dst + src ;; ;< dst = dst + src ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_add(0x%x, 0x%x)\n", [dst], [src]
mov esi, [src] mov esi, [src]
mov edi, [dst] mov edi, [dst]
mov ecx, [esi] ; source number length stdcall mpint_bytes, esi
sub ecx, [dst] mov ecx, eax
jbe .length_ok stdcall mpint_bytes, edi
; Length of the destination is currently smaller then the source, pad with 0 bytes cmp ecx, eax
add edi, [edi] jb .grow_src
add edi, 4 ja .grow_dst
mov al, 0 test ecx, ecx
rep stosb jz .done
.length_ok: .length_ok:
mov ecx, [esi] push ecx
mov edi, [dst]
add esi, 4 add esi, 4
add edi, 4 add edi, 4
; Add the first byte ; Add the first byte
@ -467,9 +554,11 @@ proc mpint_add uses esi edi ecx eax, dst, src ;//////////////////////////////;;
dec ecx dec ecx
jnz @r jnz @r
.done: .done:
; check if highest bit OR carry flag is set ; check if highest bit OR carry flag is set
; if so, add a byte if we have the buffer space ; if so, add a byte if we have the buffer space
; TODO: check if we have the buffer space ; TODO: check if we have the buffer space
pop ecx
jc .carry jc .carry
cmp byte[edi], 0x80 cmp byte[edi], 0x80
jnz .high_bit_set jnz .high_bit_set
@ -477,21 +566,32 @@ proc mpint_add uses esi edi ecx eax, dst, src ;//////////////////////////////;;
ret ret
.carry: .carry:
inc edi
mov byte[edi], 1
mov eax, [dst] mov eax, [dst]
cmp [eax], ecx
ja @f
inc dword[eax] inc dword[eax]
@@:
mov byte[edi+1], 1
ret ret
.high_bit_set: .high_bit_set:
inc edi
mov byte[edi], 0
mov eax, [dst] mov eax, [dst]
cmp [eax], ecx
ja @f
inc dword[eax] inc dword[eax]
@@:
mov byte[edi+1], 0
ret ret
.grow_dst:
stdcall mpint_grow, edi, ecx
jmp .length_ok
.grow_src:
mov ecx, eax
stdcall mpint_grow, esi, ecx
jmp .length_ok
endp endp
;;===========================================================================;; ;;===========================================================================;;
@ -505,12 +605,20 @@ proc mpint_sub uses eax esi edi ecx, dst, src ;//////////////////////////////;;
;< dst = dst - src ;; ;< dst = dst - src ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_sub(0x%x, 0x%x)\n", [dst], [src]
mov esi, [src] mov esi, [src]
mov edi, [dst] mov edi, [dst]
mov ecx, [esi] ; destination number length stdcall mpint_bytes, esi
cmp ecx, [edi] mov ecx, eax
ja .overflow stdcall mpint_bytes, edi
cmp ecx, eax
jb .grow_src
ja .grow_dst
test ecx, ecx
jz .done
.length_ok:
add esi, 4 add esi, 4
add edi, 4 add edi, 4
; Subtract the first byte ; Subtract the first byte
@ -526,7 +634,6 @@ proc mpint_sub uses eax esi edi ecx, dst, src ;//////////////////////////////;;
dec ecx dec ecx
jnz @r jnz @r
.done: .done:
stdcall mpint_shrink, [dst]
ret ret
.overflow: .overflow:
@ -534,32 +641,83 @@ proc mpint_sub uses eax esi edi ecx, dst, src ;//////////////////////////////;;
stc stc
ret ret
.grow_dst:
stdcall mpint_grow, edi, ecx
jmp .length_ok
.grow_src:
mov ecx, eax
stdcall mpint_grow, esi, ecx
jmp .length_ok
endp endp
;;===========================================================================;; ;;===========================================================================;;
proc mpint_shrink uses eax edi ecx, dst ;////////////////////////////////////;; proc mpint_shrink uses eax edi, dst ;////////////////////////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Get rid of leading zeroes on a little endian MPINT. ;; ;? Get rid of unnescessary leading zeroes on a little endian MPINT. ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> src = pointer to little endian MPINT ;; ;> src = pointer to little endian MPINT ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;< ;; ;< ;;
;;===========================================================================;; ;;===========================================================================;;
mov edi, [dst] DEBUGF 1, "mpint_shrink(0x%x)\n", [dst]
lodsd
std
mov ecx, eax
dec eax ; total length minus one
add edi, eax
xor al, al
repe cmpsb
inc ecx
mov edi, [dst]
mov [edi], ecx
cld
; mov edi, [dst]
; lodsd
; std
; mov ecx, eax
; dec eax ; total length minus one
; add edi, eax
; xor al, al
; repe cmpsb
; inc ecx
; mov edi, [dst]
; mov [edi], ecx
; cld
stdcall mpint_bits, [dst]
shr eax, 3
inc eax
mov edi, [dst]
mov [edi], eax
ret
endp
;;===========================================================================;;
proc mpint_grow uses eax edi ecx, dst, length ;//////////////////////////////;;
;;---------------------------------------------------------------------------;;
;? Add leading zeroes on a little endian MPINT. ;;
;;---------------------------------------------------------------------------;;
;> src = pointer to little endian MPINT ;;
;> length = total length of the new MPINT in bytes ;;
;;---------------------------------------------------------------------------;;
;< ;;
;;===========================================================================;;
DEBUGF 1, "mpint_grow(0x%x, %u): ", [dst], [length]
mov edi, [dst]
mov eax, [edi]
mov ecx, [length]
sub ecx, eax
jbe .dontgrow
lea edi, [edi + 4 + eax]
xor al, al
rep stosb
mov eax, [length]
mov edi, [dst]
mov [edi], eax
DEBUGF 1, "ok\n"
ret
.dontgrow:
DEBUGF 1, "already large enough!\n"
ret ret
endp endp
@ -567,7 +725,7 @@ endp
;;===========================================================================;; ;;===========================================================================;;
proc mpint_mul uses esi edi ecx ebx eax, dst, A, B ;/////////////////////////;; proc mpint_mul uses esi edi ecx ebx eax, dst, A, B ;/////////////////////////;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;? Multiply to little endian MPINTS and store them in a new one. ;; ;? Multiply two little endian MPINTS and store them in a third one. ;;
;;---------------------------------------------------------------------------;; ;;---------------------------------------------------------------------------;;
;> A = pointer to little endian MPINT ;; ;> A = pointer to little endian MPINT ;;
;> B = pointer to little endian MPINT ;; ;> B = pointer to little endian MPINT ;;
@ -576,27 +734,21 @@ proc mpint_mul uses esi edi ecx ebx eax, dst, A, B ;/////////////////////////;;
;< dst = A * B ;; ;< dst = A * B ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_mul(0x%x, 0x%x, 0x%x)\n", [dst], [A], [B]
; Set result to zero ; Set result to zero
mov eax, [dst] mov eax, [dst]
mov dword[eax], 0 mov dword[eax], 0
; first, find the byte in A containing the highest order bit
mov edi, [A] mov edi, [A]
mov eax, [edi] stdcall mpint_bytes, edi
test eax, eax test eax, eax
jz .zero jz .zero
add edi, 4-1
add edi, eax add edi, eax
mov al, [edi+1] mov ecx, eax
mov esi, edi ; Iterate through the bits in A,
mov bl, 8 ; starting from the highest order bit down to the lowest order bit.
@@:
shl al, 1
jc .first_hit
dec bl
jnz @r
; Then, starting from this byte, iterate through the bits in A,
; starting from the highest order bit down to the lowest order bit.
.next_byte: .next_byte:
mov al, [edi] mov al, [edi]
dec edi dec edi
@ -605,7 +757,6 @@ proc mpint_mul uses esi edi ecx ebx eax, dst, A, B ;/////////////////////////;;
stdcall mpint_shl1, [dst] stdcall mpint_shl1, [dst]
shl al, 1 shl al, 1
jnc .zero_bit jnc .zero_bit
.first_hit:
stdcall mpint_add, [dst], [B] stdcall mpint_add, [dst], [B]
.zero_bit: .zero_bit:
dec bl dec bl
@ -628,42 +779,39 @@ proc mpint_mod uses eax ebx ecx, dst, mod ;//////////////////////////////////;;
;< dst = dst MOD mod ;; ;< dst = dst MOD mod ;;
;;===========================================================================;; ;;===========================================================================;;
DEBUGF 1, "mpint_mod(0x%x, 0x%x)\n", [dst], [mod]
locals locals
mpint_tmp rb MPINT_MAX_LEN+4 mpint_tmp rb MPINT_MAX_LEN+4
endl endl
; if mod is zero, return stdcall mpint_cmp, [mod], [dst]
mov eax, [mod] ja .done ; if mod > dst, dst = dst ;;;;;;;
cmp dword[eax], 0 je .zero ; if mod == dst, dst = 0
je .zero
stdcall mpint_cmp, eax, [dst]
jb .done ; if dst < mod, dst = dst
je .zero ; if dst == mod, dst = 0
lea ebx, [mpint_tmp]
; left shift mod until the high order bits of mod and dst are aligned ; left shift mod until the high order bits of mod and dst are aligned
stdcall mpint_hob, [dst]
stdcall mpint_bits, [dst]
mov ecx, eax mov ecx, eax
stdcall mpint_hob, [mod] stdcall mpint_bits, [mod]
test eax, eax
jz .zero ; if mod is zero, return
sub ecx, eax sub ecx, eax
lea ebx, [mpint_tmp]
stdcall mpint_shlmov, ebx, [mod], ecx stdcall mpint_shlmov, ebx, [mod], ecx
inc ecx inc ecx
; For every bit in dst (starting from the high order bit): ; For every bit in dst (starting from the high order bit):
.loop: .bitloop:
; determine if dst is bigger than mpint_tmp stdcall mpint_cmp, [dst], ebx ; If dst > mpint_tmp
stdcall mpint_cmp, [dst], ebx jb @f ;;;;;;;;
ja @f stdcall mpint_sub, [dst], ebx ; dst = dst - mpint_tmp
; if so, subtract mpint_tmp from dst
stdcall mpint_sub, [dst], ebx
@@: @@:
dec ecx dec ecx
jz .done jz .done
; shift mpint_tmp right by 1
stdcall mpint_shr1, ebx stdcall mpint_shr1, ebx ; mpint = mpint >> 1
jmp .loop jmp .bitloop
.zero: .zero:
mov eax, [dst] mov eax, [dst]
@ -686,19 +834,25 @@ proc mpint_modexp uses edi eax ebx ecx edx, dst, base, exp, mod ;////////////;;
;< dst = base ** exp MOD mod ;; ;< dst = base ** exp MOD mod ;;
;;===========================================================================;; ;;===========================================================================;;
;DEBUGF 1, "mpint_modexp(0x%x, 0x%x, 0x%x, 0x%x)\n", [dst], [base], [exp], [mod]
locals locals
mpint_tmp rb MPINT_MAX_LEN+4 mpint_tmp rb MPINT_MAX_LEN+4
endl endl
; If mod is zero, return ; If mod is zero, return
mov eax, [mod] stdcall mpint_bits, [mod]
cmp dword[eax], 0 test eax, eax
je .mod_zero jz .mod_zero
; Find the highest order byte in exponent ; Find highest order byte in exponent
stdcall mpint_bytes, [exp]
test eax, eax
jz .exp_zero
mov ecx, eax
mov edi, [exp] mov edi, [exp]
mov ecx, [edi]
lea edi, [edi + 4 + ecx - 1] lea edi, [edi + 4 + ecx - 1]
; Find the highest order bit in this byte ; Find the highest order bit in this byte
mov al, [edi] mov al, [edi]
test al, al test al, al
@ -709,7 +863,9 @@ endl
shl al, 1 shl al, 1
jnc @r jnc @r
; Make pointer to tmp mpint for convenient access
lea edx, [mpint_tmp] lea edx, [mpint_tmp]
; Initialise result to base, to take care of the highest order bit ; Initialise result to base, to take care of the highest order bit
stdcall mpint_mov, [dst], [base] stdcall mpint_mov, [dst], [base]
dec bl dec bl
@ -737,6 +893,7 @@ endl
mov bl, 8 mov bl, 8
jmp .bit_loop jmp .bit_loop
.done: .done:
;stdcall mpint_print, [dst]
ret ret
.mod_zero: .mod_zero:

212
programs/network/ssh/ssh.asm
View File

@ -1,6 +1,6 @@
; ssh.asm - SSH client for KolibriOS ; ssh.asm - SSH client for KolibriOS
; ;
; Copyright (C) 2015-2017 Jeffrey Amelynck ; Copyright (C) 2015-2021 Jeffrey Amelynck
; ;
; This program is free software: you can redistribute it and/or modify ; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by ; it under the terms of the GNU General Public License as published by
@ -18,7 +18,7 @@
format binary as "" format binary as ""
__DEBUG__ = 1 __DEBUG__ = 1
__DEBUG_LEVEL__ = 2 ; 1: Extreme debugging, 2: Debugging, 3: Errors only __DEBUG_LEVEL__ = 3 ; 1: Everything, including sinsitive information, 2: Debugging, 3: Errors only
BUFFERSIZE = 4096 BUFFERSIZE = 4096
MAX_BITS = 8192 MAX_BITS = 8192
@ -57,6 +57,10 @@ include 'aes256.inc'
include 'aes256-ctr.inc' include 'aes256-ctr.inc'
include 'aes256-cbc.inc' include 'aes256-cbc.inc'
include 'blowfish.inc'
include 'blowfish-ctr.inc'
include 'blowfish-cbc.inc'
include 'hmac_sha256.inc' include 'hmac_sha256.inc'
include 'hmac_sha1.inc' include 'hmac_sha1.inc'
include 'hmac_md5.inc' include 'hmac_md5.inc'
@ -83,13 +87,13 @@ if __DEBUG_LEVEL__ <= 1
.next_dword: .next_dword:
lodsd lodsd
bswap eax bswap eax
DEBUGF 1,'%x',eax DEBUGF 1,'%x', eax
loop .next_dword loop .next_dword
DEBUGF 1,'\n' DEBUGF 1,'\n'
popad popad
ret
end if end if
ret
endp endp
struct ssh_connection struct ssh_connection
@ -114,6 +118,9 @@ struct ssh_connection
rx_crypt_blocksize dd ? rx_crypt_blocksize dd ?
tx_crypt_blocksize dd ? tx_crypt_blocksize dd ?
rx_padsize dd ? ; = Max(8, rx_crypt_blocksize)
tx_padsize dd ? ; = Max(8, tx_crypt_blocksize)
; Message authentication ; Message authentication
rx_mac_proc dd ? rx_mac_proc dd ?
@ -256,7 +263,6 @@ resolve:
test eax, eax test eax, eax
jnz dns_error jnz dns_error
invoke con_cls
invoke con_write_asciiz, str3 invoke con_write_asciiz, str3
invoke con_write_asciiz, con.hostname invoke con_write_asciiz, con.hostname
@ -276,7 +282,6 @@ resolve:
invoke con_write_asciiz, str9 invoke con_write_asciiz, str9
mcall 40, EVM_STACK + EVM_KEY mcall 40, EVM_STACK + EVM_KEY
invoke con_cls
; Create socket ; Create socket
mcall socket, AF_INET4, SOCK_STREAM, 0 mcall socket, AF_INET4, SOCK_STREAM, 0
@ -330,6 +335,8 @@ resolve:
mov [con.tx_mac_proc], 0 mov [con.tx_mac_proc], 0
mov [con.rx_mac_length], 0 mov [con.rx_mac_length], 0
mov [con.tx_mac_length], 0 mov [con.tx_mac_length], 0
mov [con.rx_padsize], 8 ; minimum padsize
mov [con.tx_padsize], 8
DEBUGF 2, "Sending KEX init\n" DEBUGF 2, "Sending KEX init\n"
mov edi, ssh_kex.cookie mov edi, ssh_kex.cookie
@ -409,7 +416,7 @@ resolve:
lodsb lodsb
DEBUGF 1, "KEX First Packet Follows: %u\n", al DEBUGF 1, "KEX First Packet Follows: %u\n", al
; TODO: parse this structure and init procedures accordingly ; TODO: parse this structure and init procedures accordingly
; HASH: string I_S, the payload of the servers's SSH_MSG_KEXINIT ; HASH: string I_S, the payload of the servers's SSH_MSG_KEXINIT
mov eax, dword[con.rx_buffer+ssh_packet_header.packet_length] mov eax, dword[con.rx_buffer+ssh_packet_header.packet_length]
@ -423,6 +430,8 @@ resolve:
; Exchange keys with the server ; Exchange keys with the server
; TODO: host verification
stdcall dh_gex stdcall dh_gex
test eax, eax test eax, eax
jnz exit jnz exit
@ -431,19 +440,21 @@ resolve:
DEBUGF 2, "SSH: Setting encryption keys\n" DEBUGF 2, "SSH: Setting encryption keys\n"
stdcall aes256_cbc_init, con.rx_iv stdcall aes256_ctr_init, con.rx_iv
mov [con.rx_crypt_ctx_ptr], eax mov [con.rx_crypt_ctx_ptr], eax
stdcall aes256_set_decrypt_key, eax, con.rx_enc_key stdcall aes256_set_encrypt_key, eax, con.rx_enc_key
mov [con.rx_crypt_proc], aes256_cbc_decrypt mov [con.rx_crypt_proc], aes256_ctr_crypt
mov [con.rx_crypt_blocksize], AES256_BLOCKSIZE mov [con.rx_crypt_blocksize], AES256_BLOCKSIZE
mov [con.rx_padsize], AES256_BLOCKSIZE
stdcall aes256_cbc_init, con.tx_iv stdcall aes256_ctr_init, con.tx_iv
mov [con.tx_crypt_ctx_ptr], eax mov [con.tx_crypt_ctx_ptr], eax
stdcall aes256_set_encrypt_key, eax, con.tx_enc_key stdcall aes256_set_encrypt_key, eax, con.tx_enc_key
mov [con.tx_crypt_proc], aes256_cbc_encrypt mov [con.tx_crypt_proc], aes256_ctr_crypt
mov [con.tx_crypt_blocksize], AES256_BLOCKSIZE mov [con.tx_crypt_blocksize], AES256_BLOCKSIZE
mov [con.tx_padsize], AES256_BLOCKSIZE
stdcall hmac_sha256_setkey, con.rx_mac_ctx, con.rx_int_key, SHA256_HASH_SIZE stdcall hmac_sha256_setkey, con.rx_mac_ctx, con.rx_int_key, SHA256_HASH_SIZE
mov [con.rx_mac_proc], hmac_sha256 mov [con.rx_mac_proc], hmac_sha256
@ -465,7 +476,7 @@ resolve:
; << Check for service acceptance ; << Check for service acceptance
stdcall ssh_recv_packet, con, 0 stdcall ssh_msg_handler, con, 0
cmp eax, -1 cmp eax, -1
je socket_err je socket_err
@ -474,23 +485,93 @@ resolve:
; >> Request user authentication ; >> Request user authentication
; TODO: Request username from the user
; invoke con_write_asciiz, str12
; invoke con_gets, username, 256
; test eax, eax
; jz done
; TODO: implement password authentication
DEBUGF 2, "SSH: User authentication\n" DEBUGF 2, "SSH: User authentication\n"
stdcall ssh_send_packet, con, ssh_request_userauth, ssh_request_userauth.length, 0 mcall 68, 12, 1024 ; FIXME
test eax, eax
jz done ; FIXME
mov edi, eax
mov ebx, eax
mov byte[edi], SSH_MSG_USERAUTH_REQUEST
inc edi
; Get username
add edi, 4
invoke con_write_asciiz, str12
invoke con_gets, edi, 256 ; FIXME
test eax, eax
jz done ; FIXME
mov edx, eax
mov ecx, 256
xor al, al
repne scasb
dec edi ; \0
dec edi ; \n
push edi
sub edi, edx
bswap edi
mov [edx-4], edi
pop edi
mov dword[edi], 0x0e000000 ; 14 Bswapped
mov dword[edi+4], "ssh-"
mov dword[edi+8], "conn"
mov dword[edi+12], "ecti"
mov word[edi+16], "on"
add edi, 18
mov dword[edi], 0x08000000 ; 8 Bswapped
mov dword[edi+4], "pass"
mov dword[edi+8], "word"
mov byte[edi+12], 0 ; bool
add edi, 13
; Get password
add edi, 4
invoke con_write_asciiz, str13
push eax
invoke con_gets, edi, 256 ; FIXME
test eax, eax
jz done ; FIXME
mov edx, eax
mov ecx, 256
xor al, al
repne scasb
dec edi ; \0
dec edi ; \n
push edi
sub edi, edx
bswap edi
mov [edx-4], edi
pop edi
sub edi, ebx
push ebx
stdcall ssh_send_packet, con, ebx, edi, 0
; Clear used buffer and free
pop edx
mov edi, edx
push eax
mov ecx, 1024/4 ; FIXME
xor eax, eax
rep stosd
mcall 68, 13, edx
pop eax
cmp eax, -1 cmp eax, -1
je socket_err je socket_err
invoke con_write_asciiz, str14
; << Check for userauth acceptance ; << Check for userauth acceptance
stdcall ssh_recv_packet, con, 0 stdcall ssh_msg_handler, con, 0
cmp eax, -1 cmp eax, -1
je socket_err je socket_err
@ -507,7 +588,7 @@ resolve:
; << Check for channel open confirmation ; << Check for channel open confirmation
stdcall ssh_recv_packet, con, 0 stdcall ssh_msg_handler, con, 0
cmp eax, -1 cmp eax, -1
je socket_err je socket_err
@ -524,7 +605,7 @@ resolve:
; << Check for channel request confirmation ; << Check for channel request confirmation
stdcall ssh_recv_packet, con, 0 stdcall ssh_msg_handler, con, 0
cmp eax, -1 cmp eax, -1
je socket_err je socket_err
@ -541,7 +622,9 @@ resolve:
; << Check for channel request confirmation (FIXME: this may not be first packet!) ; << Check for channel request confirmation (FIXME: this may not be first packet!)
; stdcall ssh_recv_packet, con, 0 ; TODO
;
; stdcall ssh_msg_handler, con, 0
; cmp eax, -1 ; cmp eax, -1
; je socket_err ; je socket_err
@ -560,7 +643,7 @@ mainloop:
test eax, 0x200 ; con window closed? test eax, 0x200 ; con window closed?
jnz exit jnz exit
stdcall ssh_recv_packet, con, 0 stdcall ssh_msg_handler, con, 0
cmp eax, 0 cmp eax, 0
jbe closed jbe closed
@ -593,6 +676,9 @@ mainloop:
proto_err: proto_err:
mov eax, con.rx_buffer
int3
DEBUGF 3, "SSH: protocol error\n" DEBUGF 3, "SSH: protocol error\n"
invoke con_write_asciiz, str7 invoke con_write_asciiz, str7
jmp prompt jmp prompt
@ -628,17 +714,53 @@ thread:
.loop: .loop:
invoke con_getch2 invoke con_getch2
mov [ssh_channel_data+9], al mov [ssh_channel_data+9], al
stdcall ssh_send_packet, con, ssh_channel_data, ssh_channel_data.length, 0 stdcall ssh_send_packet, con, ssh_channel_data, ssh_channel_data.length, MSG_DONTWAIT
invoke con_get_flags invoke con_get_flags
test eax, 0x200 ; con window closed? test eax, 0x200 ; con window closed?
jz .loop jz .loop
mcall -1 mcall -1
; Handle common messages and return from specific ones
proc ssh_msg_handler, con, flags
.recv:
stdcall ssh_recv_packet, [con], [flags]
cmp eax, -1
je .ret
cmp [con.rx_buffer.message_code], SSH_MSG_DISCONNECT
je .disc
cmp [con.rx_buffer.message_code], SSH_MSG_IGNORE
je .ign
cmp [con.rx_buffer.message_code], SSH_MSG_DEBUG
je .dbg
cmp [con.rx_buffer.message_code], SSH_MSG_GLOBAL_REQUEST
je .glob
.ret:
ret
.disc:
mov eax, -1
ret
.ign:
jmp .recv
.dbg:
.glob:
; TODO
jmp .recv
endp
; data ; data
title db 'Secure Shell',0 title db 'Secure Shell',0
str1 db 'SSH client for KolibriOS',10,10,\ str1 db 'SSH client for KolibriOS',10,10,\
'Please enter URL of SSH server (host:port)',10,10,0 'Please enter URL of SSH server (hostname:port)',10,10,0
str2 db '> ',0 str2 db '> ',0
str3 db 'Connecting to ',0 str3 db 'Connecting to ',0
str4 db 10,0 str4 db 10,0
@ -649,12 +771,14 @@ str8 db ' (',0
str9 db ')',10,0 str9 db ')',10,0
str10 db 'Invalid hostname.',10,10,0 str10 db 'Invalid hostname.',10,10,0
str11 db 10,'Remote host closed the connection.',10,10,0 str11 db 10,'Remote host closed the connection.',10,10,0
str12 db 'Enter username: ',0 str12 db 'Login as: ',0
str13 db 'Password: ', 27, '[?25l', 27, '[30;40m', 0
str14 db 10, 27, '[?25h', 27, '[0m', 0
ssh_ident_ha: ssh_ident_ha:
dd_n (ssh_ident.length-2) dd_n (ssh_ident.length-2)
ssh_ident: ssh_ident:
db "SSH-2.0-KolibriOS_SSH_0.02",13,10 db "SSH-2.0-KolibriOS_SSH_0.03",13,10
.length = $ - ssh_ident .length = $ - ssh_ident
ssh_kex: ssh_kex:
@ -669,10 +793,10 @@ ssh_kex:
db "ssh-rsa" ;,ssh-dss db "ssh-rsa" ;,ssh-dss
.encryption_algorithms_client_to_server: .encryption_algorithms_client_to_server:
dd_n .encryption_algorithms_server_to_client - .encryption_algorithms_client_to_server - 4 dd_n .encryption_algorithms_server_to_client - .encryption_algorithms_client_to_server - 4
db "aes256-cbc" ;,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128" db "aes256-ctr" ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128"
.encryption_algorithms_server_to_client: .encryption_algorithms_server_to_client:
dd_n .mac_algorithms_client_to_server - .encryption_algorithms_server_to_client - 4 dd_n .mac_algorithms_client_to_server - .encryption_algorithms_server_to_client - 4
db "aes256-cbc" ;,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128" db "aes256-ctr" ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128"
.mac_algorithms_client_to_server: .mac_algorithms_client_to_server:
dd_n .mac_algorithms_server_to_client - .mac_algorithms_client_to_server - 4 dd_n .mac_algorithms_server_to_client - .mac_algorithms_client_to_server - 4
db "hmac-sha2-256" ;,hmac-sha1,hmac-sha1-96,hmac-md5" db "hmac-sha2-256" ;,hmac-sha1,hmac-sha1-96,hmac-md5"
@ -700,9 +824,9 @@ ssh_kex:
ssh_gex_req: ssh_gex_req:
db SSH_MSG_KEX_DH_GEX_REQUEST db SSH_MSG_KEX_DH_GEX_REQUEST
dd_n 8192/4 ; DH GEX min dd_n 4096/4 ; DH GEX min
dd_n 8192/2 ; DH GEX number of bits dd_n 4096/2 ; DH GEX number of bits
dd_n 8192 ; DH GEX Max dd_n 4096 ; DH GEX Max
.length = $ - ssh_gex_req .length = $ - ssh_gex_req
@ -720,14 +844,15 @@ ssh_request_service:
ssh_request_userauth: ssh_request_userauth:
db SSH_MSG_USERAUTH_REQUEST db SSH_MSG_USERAUTH_REQUEST
dd_n 12 dd_n 9
dd_n 8 db "user123" ; user name in ISO-10646 UTF-8 encoding [RFC3629]
db "username" ; user name in ISO-10646 UTF-8 encoding [RFC3629]
dd_n 14 dd_n 14
db "ssh-connection" ; service name in US-ASCII db "ssh-connection" ; service name in US-ASCII
dd_n 4 dd_n 8
db "none" ; method name in US-ASCII db "password" ; method name in US-ASCII: none, publickey, password, hostbased
; Other options: publickey, password, hostbased db 0 ; bool: false
dd_n 14
db "pass123"
.length = $ - ssh_request_userauth .length = $ - ssh_request_userauth
@ -796,7 +921,8 @@ import console, \
con_getch2, 'con_getch2', \ con_getch2, 'con_getch2', \
con_set_cursor_pos, 'con_set_cursor_pos', \ con_set_cursor_pos, 'con_set_cursor_pos', \
con_write_string, 'con_write_string', \ con_write_string, 'con_write_string', \
con_get_flags, 'con_get_flags' con_get_flags, 'con_get_flags', \
con_set_flags, 'con_set_flags'
import libcrash, \ import libcrash, \
sha256_init, 'sha256_init', \ sha256_init, 'sha256_init', \

14
programs/network/ssh/ssh_transport.inc
View File

@ -1,6 +1,6 @@
; ssh_transport.inc - SSH transport layer ; ssh_transport.inc - SSH transport layer
; ;
; Copyright (C) 2016 Jeffrey Amelynck ; Copyright (C) 2016-2021 Jeffrey Amelynck
; ;
; This program is free software: you can redistribute it and/or modify ; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by ; it under the terms of the GNU General Public License as published by
@ -29,6 +29,7 @@ proc ssh_recv_packet connection, flags
locals locals
data_length dd ? ; Total length of packet without MAC data_length dd ? ; Total length of packet without MAC
socket_error dd ?
endl endl
DEBUGF 2, "> " DEBUGF 2, "> "
@ -39,6 +40,7 @@ endl
lea edx, [ebx+ssh_connection.rx_buffer] lea edx, [ebx+ssh_connection.rx_buffer]
mov edi, [flags] mov edi, [flags]
mcall recv mcall recv
mov [socket_error], ebx
DEBUGF 1, "chunk = %u ", eax DEBUGF 1, "chunk = %u ", eax
mov ebx, [connection] mov ebx, [connection]
cmp eax, [ebx+ssh_connection.rx_crypt_blocksize] cmp eax, [ebx+ssh_connection.rx_crypt_blocksize]
@ -145,11 +147,13 @@ endl
.fail: .fail:
DEBUGF 3, "ssh_recv_packet failed!\n" DEBUGF 3, "ssh_recv_packet failed!\n"
mov eax, -1 mov eax, -1
mov ebx, [socket_error]
ret ret
.mac_failed: .mac_failed:
DEBUGF 3, "ssh_recv_packet MAC failed!\n" DEBUGF 3, "ssh_recv_packet MAC failed!\n"
mov eax, -1 mov eax, -2
mov ebx, [socket_error]
ret ret
endp endp
@ -168,14 +172,14 @@ endl
lea edx, [eax+4] ; total packet size (without padding and MAC) lea edx, [eax+4] ; total packet size (without padding and MAC)
mov [packet_size], edx mov [packet_size], edx
mov ecx, [connection] mov ecx, [connection]
mov ebx, [ecx+ssh_connection.tx_crypt_blocksize] mov ebx, [ecx+ssh_connection.tx_padsize]
dec ebx dec ebx
and edx, ebx and edx, ebx
neg edx neg edx
add edx, [ecx+ssh_connection.tx_crypt_blocksize] add edx, [ecx+ssh_connection.tx_padsize]
cmp edx, 4 ; minimum padding size cmp edx, 4 ; minimum padding size
jae @f jae @f
add edx, [ecx+ssh_connection.tx_crypt_blocksize] add edx, [ecx+ssh_connection.tx_padsize]
@@: @@:
DEBUGF 1, "padding %u bytes ", edx DEBUGF 1, "padding %u bytes ", edx
add [packet_size], edx add [packet_size], edx

157
programs/network/ssh/test/maketests.py Normal file
View File

@ -0,0 +1,157 @@
file = open('numtests.txt', mode = 'r', encoding = 'utf-8-sig')
lines = file.readlines()
file.close()
commands = {"Sum", "Product", "LShift", "LShift1", "ModExp", "Remainder"}
command = ""
result = 0
A = 0
E = 0
B = 0
N = 0
M = 0
ctr = 0
def print_mpint(a, A):
print(a + " dd " + str((A.bit_length() + 7) // 8))
print(" db ", end='')
for byte in A.to_bytes(((A.bit_length() + 7) // 8),"little"):
print(hex(byte) + ", ", end='')
print("0x0")
print(" rb MPINT_MAX_LEN - " + str(max((((A.bit_length() + 7) // 8) + 1), 0)))
for line in lines:
words = line.split()
if line[0] == '#':
print(";" + line[1:], end='')
elif words[0] in commands:
command = words[0]
result = int(words[2], 16)
ctr+=1
elif words[0] == 'A':
A = int(words[2], 16)
if (command == 'LShift1'):
if (A >= 0):
print("stdcall mpint_shl1, mpint_A" + str(ctr))
print("stdcall mpint_cmp, mpint_A" + str(ctr) + ", mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
elif words[0] == 'B':
B = int(words[2], 16)
if (command == 'Sum'):
if (A >= 0) & (B >= 0):
print("stdcall mpint_add, mpint_B" + str(ctr) + ", mpint_A" + str(ctr))
print("stdcall mpint_cmp, mpint_B" + str(ctr) + ", mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_B" + str(ctr)), B)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
elif (A <= 0) & (B >= 0) & (result >= 0):
print("stdcall mpint_sub, mpint_B" + str(ctr) + ", mpint_A" + str(ctr))
print("stdcall mpint_cmp, mpint_B" + str(ctr) + ", mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), -A)
print_mpint(str("mpint_B" + str(ctr)), B)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
elif (A >= 0) & (B <= 0) & (result >= 0):
print("stdcall mpint_sub, mpint_A" + str(ctr) + ", mpint_B" + str(ctr))
print("stdcall mpint_cmp, mpint_A" + str(ctr) + ", mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_B" + str(ctr)), -B)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
if (command == 'Product'):
if (A >= 0) & (B >= 0):
print("stdcall mpint_mul, mpint_tmp, mpint_B" + str(ctr) + ", mpint_A" + str(ctr))
print("stdcall mpint_cmp, mpint_tmp, mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_B" + str(ctr)), B)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
if (command == 'Remainder'):
if (A >= 0) & (B >= 0):
print("stdcall mpint_mod, mpint_A" + str(ctr) + ", mpint_B" + str(ctr))
print("stdcall mpint_cmp, mpint_A" + str(ctr) + ", mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_B" + str(ctr)), B)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
elif words[0] == 'N':
N = int(words[2], 16)
if (command == 'LShift'):
if (A >= 0):
print("stdcall mpint_shlmov, mpint_tmp, mpint_A" + str(ctr) + ", " + str(N))
print("stdcall mpint_cmp, mpint_tmp, mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("stdcall mpint_shl, mpint_A" + str(ctr) + ", " + str(N))
print("stdcall mpint_cmp, mpint_A" + str(ctr) + ", mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
elif words[0] == 'E':
E = int(words[2], 16)
elif words[0] == 'M':
M = int(words[2], 16)
if (command == 'ModExp'):
if (A >= 0) & (B >= 0):
print("stdcall mpint_modexp, mpint_tmp, mpint_A" + str(ctr) + ", mpint_E" + str(ctr) + ", mpint_M" + str(ctr))
print("stdcall mpint_cmp, mpint_tmp, mpint_result" + str(ctr))
print("je @f")
print("mov eax, " + str(ctr))
print("int3")
print("@@:")
print("iglobal")
print_mpint(str("mpint_A" + str(ctr)), A)
print_mpint(str("mpint_E" + str(ctr)), E)
print_mpint(str("mpint_M" + str(ctr)), M)
print_mpint(str("mpint_result" + str(ctr)), result)
print("endg")
print()
else:
command = ''

231
programs/network/ssh/test/mpint.asm Normal file
View File

@ -0,0 +1,231 @@
; mpint.asm - Multi Precision INTeger routines test suite
;
; Copyright (C) 2015-2021 Jeffrey Amelynck
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
format binary as ""
__DEBUG__ = 1
__DEBUG_LEVEL__ = 1
MAX_BITS = 4096
use32
db 'MENUET01' ; signature
dd 1 ; header version
dd start ; entry point
dd i_end ; initialized size
dd mem+65536 ; required memory
dd mem+65536 ; stack pointer
dd 0 ; parameters
dd 0 ; path
include '../../../macros.inc'
purge mov,add,sub
include '../../../proc32.inc'
include '../../../debug-fdo.inc'
include '../mpint.inc'
cmptestctr = 0x10000000
macro cmptesteq arg1, arg2 {
stdcall mpint_cmp, arg1, arg2
je @f
mov eax, cmptestctr
int3
@@:
cmptestctr = cmptestctr + 1
}
macro cmptesta arg1, arg2 {
stdcall mpint_cmp, arg1, arg2
ja @f
mov eax, cmptestctr
int3
@@:
cmptestctr = cmptestctr + 1
stdcall mpint_cmp, arg2, arg1
jb @f
mov eax, cmptestctr
int3
@@:
cmptestctr = cmptestctr + 1
}
start:
DEBUGF 1, "MPINT Test suite\n"
; First, do some checks on the compare routine
cmptesteq mpint_0_0, mpint_0_0
cmptesteq mpint_0_0, mpint_0_1
cmptesteq mpint_0_1, mpint_0_0
cmptesteq mpint_0_1, mpint_0_1
cmptesteq mpint_0_5, mpint_0_0
cmptesteq mpint_0_0, mpint_0_5
cmptesteq mpint_0_5, mpint_0_1
cmptesteq mpint_0_1, mpint_0_5
cmptesteq mpint_1_1, mpint_1_1
cmptesteq mpint_1_1, mpint_1_2
cmptesteq mpint_1_2, mpint_1_1
cmptesteq mpint_1_2, mpint_1_2
cmptesteq mpint_1_5, mpint_1_1
cmptesteq mpint_1_1, mpint_1_5
cmptesteq mpint_1_5, mpint_1_2
cmptesteq mpint_1_2, mpint_1_5
cmptesteq mpint_2_1, mpint_2_1
cmptesteq mpint_2_1, mpint_2_2
cmptesteq mpint_2_2, mpint_2_1
cmptesteq mpint_2_2, mpint_2_2
cmptesteq mpint_2_5, mpint_2_1
cmptesteq mpint_2_1, mpint_2_5
cmptesteq mpint_2_5, mpint_2_2
cmptesteq mpint_2_2, mpint_2_5
cmptesta mpint_1_1, mpint_0_0
cmptesta mpint_1_1, mpint_0_1
cmptesta mpint_1_1, mpint_0_5
cmptesta mpint_1_5, mpint_0_0
cmptesta mpint_1_5, mpint_0_1
cmptesta mpint_1_5, mpint_0_5
cmptesta mpint_2_1, mpint_1_1
cmptesta mpint_2_1, mpint_1_2
cmptesta mpint_2_1, mpint_1_5
cmptesta mpint_2_2, mpint_1_1
cmptesta mpint_2_2, mpint_1_2
cmptesta mpint_2_2, mpint_1_5
cmptesta mpint_2_5, mpint_1_1
cmptesta mpint_2_5, mpint_1_2
cmptesta mpint_2_5, mpint_1_5
cmptesta mpint_100, mpint_ff
cmptesta mpint_10000, mpint_ff00
cmptesta mpint_100000000, mpint_ff000000
iglobal
mpint_0_0 dd 0
rb MPINT_MAX_LEN
mpint_0_1 dd 1
db 0
rb MPINT_MAX_LEN - 1
mpint_0_2 dd 2
db 0, 0
rb MPINT_MAX_LEN - 2
mpint_0_3 dd 3
db 0, 0, 0
rb MPINT_MAX_LEN - 3
mpint_0_4 dd 4
db 0, 0, 0, 0
rb MPINT_MAX_LEN - 4
mpint_0_5 dd 5
db 0, 0, 0, 0, 0
rb MPINT_MAX_LEN - 5
mpint_1_1 dd 1
db 1
rb MPINT_MAX_LEN - 1
mpint_1_2 dd 2
db 1, 0
rb MPINT_MAX_LEN - 2
mpint_1_3 dd 3
db 1, 0, 0
rb MPINT_MAX_LEN - 3
mpint_1_4 dd 4
db 1, 0, 0, 0
rb MPINT_MAX_LEN - 4
mpint_1_5 dd 5
db 1, 0, 0, 0, 0
rb MPINT_MAX_LEN - 5
mpint_2_1 dd 1
db 2
rb MPINT_MAX_LEN - 1
mpint_2_2 dd 2
db 2, 0
rb MPINT_MAX_LEN - 2
mpint_2_3 dd 3
db 2, 0, 0
rb MPINT_MAX_LEN - 3
mpint_2_4 dd 4
db 2, 0, 0, 0
rb MPINT_MAX_LEN - 4
mpint_2_5 dd 5
db 2, 0, 0, 0, 0
rb MPINT_MAX_LEN - 5
mpint_ff dd 2
db 0xff, 0
rb MPINT_MAX_LEN - 2
mpint_100 dd 2
db 0, 1
rb MPINT_MAX_LEN - 2
mpint_ff00 dd 3
db 0, 0xff, 0
rb MPINT_MAX_LEN - 3
mpint_10000 dd 3
db 0, 0, 1
rb MPINT_MAX_LEN - 3
mpint_ff000000 dd 5
db 0, 0, 0, 0xff, 0
rb MPINT_MAX_LEN - 5
mpint_100000000 dd 5
db 0, 0, 0, 0, 1
rb MPINT_MAX_LEN - 5
endg
include "tests.inc"
DEBUGF 1, "All tests completed\n"
mcall -1
IncludeIGlobals
i_end:
mpint_tmp rb MPINT_MAX_LEN+4
include_debug_strings
mem:

8145
programs/network/ssh/test/numtests.txt Normal file
View File

File diff suppressed because it is too large Load Diff

22738
programs/network/ssh/test/tests.inc Normal file
View File

File diff suppressed because it is too large Load Diff