Automatic algorithm selection.

git-svn-id: svn://kolibrios.org@9991 a494cfbc-eb01-0410-851d-a64ba20cac60
2024-03-10 18:38:46 +00:00
parent cc6df1e340
commit 97d2b9be48
5 changed files with 330 additions and 102 deletions
--- a/programs/network/ssh/sshlib_connection.inc
+++ b/programs/network/ssh/sshlib_connection.inc
@@ -202,81 +202,87 @@ endl
        cmp     eax, -1
        je      .err_sock

-        mov     esi, [con_ptr]
-        cmp     [esi + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEXINIT
+        mov     ebx, [con_ptr]
+        cmp     [ebx + sshlib_connection.rx_buffer.message_code], SSH_MSG_KEXINIT
        jne     .err_proto
        DEBUGF  2, "Received KEX init\n"
+        lea     esi, [ebx + sshlib_connection.rx_buffer + sizeof.ssh_packet_header + 16]
+
+        DEBUGF  2, "kex_algorithm "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.kex_algorithms, algorithms_kex
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_kex], eax
+
+        DEBUGF  2, "server_host_key_algorithm "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.server_host_key_algorithms, algorithms_hostkey
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_hostkey], eax
+
+        DEBUGF  2, "encryption_algorithm_client_to_server "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.encryption_algorithms_client_to_server, algorithms_crypt
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_crypt_tx], eax
+
+        DEBUGF  2, "encryption_algorithm_server_to_client ",
+        stdcall sshlib_algo_find_match, ssh_msg_kex.encryption_algorithms_server_to_client, algorithms_crypt
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_crypt_rx], eax
+
+        DEBUGF  2, "mac_algorithm_client_to_server "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.mac_algorithms_client_to_server, algorithms_mac
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_mac_tx], eax
+
+        DEBUGF  2, "mac_algorithm_server_to_client "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.mac_algorithms_server_to_client, algorithms_mac
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_mac_rx], eax
+
+        DEBUGF  2, "compression_algorithm_client_to_server "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.compression_algorithms_client_to_server, algorithms_compression
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_compr_tx], eax
+
+        DEBUGF  2, "compression_algorithm_server_to_client "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.compression_algorithms_server_to_client, algorithms_compression
+        test    eax, eax
+        jz      .err_no_algo
+        mov     [ebx + sshlib_connection.algo_compr_rx], eax
+
+        DEBUGF  2, "language_client_to_server "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.languages_client_to_server, languages
+
+        DEBUGF  2, "language_server_to_client "
+        stdcall sshlib_algo_find_match, ssh_msg_kex.languages_server_to_client, languages

-        lea     esi, [esi + sshlib_connection.rx_buffer + sizeof.ssh_packet_header + 16]
-        lodsd
-        bswap   eax
-        DEBUGF  1, "kex_algorithms: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "server_host_key_algorithms: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "encryption_algorithms_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "encryption_algorithms_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "mac_algorithms_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "mac_algorithms_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "compression_algorithms_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "compression_algorithms_server_to_client: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "languages_client_to_server: %s\n", esi
-        add     esi, eax
-        lodsd
-        bswap   eax
-        DEBUGF  1, "languages_server_to_client: %s\n", esi
-        add     esi, eax
        lodsb
-        DEBUGF  1, "KEX First Packet Follows: %u\n", al
-
-; TODO: parse this structure and set algorithm codes accordingly
-; FIXME: hardcoded for now
-        mov     esi, [con_ptr]
-        mov     [esi+sshlib_connection.algo_kex], SSHLIB_KEX_DH_SHA256
-        mov     [esi+sshlib_connection.algo_hostkey], SSHLIB_HOSTKEY_RSA
-        mov     [esi+sshlib_connection.algo_crypt_rx], SSHLIB_CRYPT_AES256_CTR
-        mov     [esi+sshlib_connection.algo_crypt_tx], SSHLIB_CRYPT_AES256_CTR  ; SSHLIB_CRYPT_CHACHA20_POLY1305
-        mov     [esi+sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256_ETM
-        mov     [esi+sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256_ETM
-        mov     [esi+sshlib_connection.algo_compr_rx], SSHLIB_ALGO_NONE
-        mov     [esi+sshlib_connection.algo_compr_tx], SSHLIB_ALGO_NONE
+        DEBUGF  2, "KEX First Packet Follows: %u\n", al

 ; HASH: string I_S, the payload of the servers's SSH_MSG_KEXINIT
        mov     esi, [con_ptr]
-        mov     eax, [esi+sshlib_connection.rx_buffer.packet_length]
-        movzx   ebx, [esi+sshlib_connection.rx_buffer.padding_length]
+        mov     eax, [esi + sshlib_connection.rx_buffer.packet_length]
+        movzx   ebx, [esi + sshlib_connection.rx_buffer.padding_length]
        sub     eax, ebx
        dec     eax
        lea     edx, [eax+4]
        bswap   eax
-        lea     esi, [esi+sshlib_connection.rx_buffer+1]
+        lea     esi, [esi + sshlib_connection.rx_buffer+1]
        mov     dword[esi], eax
        invoke  sha2_256.update, [ctx_ptr], esi, edx

 ; Exchange keys with the server

+        mov     ebx, [con_ptr]
+        cmp     [ebx + sshlib_connection.algo_kex], SSHLIB_KEX_DH_SHA256        ; only kex algo supported for now
+        jne     .err_no_algo
+
        stdcall sshlib_dh_gex, [con_ptr]
        test    eax, eax
        jnz     .err
@@ -323,13 +329,13 @@ endl


  .have_rx_crypt:
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_256
        je      .rx_hmac_sha2_256
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_512
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_512
        je      .rx_hmac_sha2_512
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_256_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_256_ETM
        je      .rx_hmac_sha2_256_etm
-        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_HMAC_SHA2_512_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_rx], SSHLIB_MAC_HMAC_SHA2_512_ETM
        je      .rx_hmac_sha2_512_etm

        jmp     .err_proto
@@ -403,13 +409,13 @@ endl


  .have_tx_crypt:
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_256
        je      .tx_hmac_sha2_256
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_512
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_512
        je      .tx_hmac_sha2_512
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_256_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_256_ETM
        je      .tx_hmac_sha2_256_etm
-        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_HMAC_SHA2_512_ETM
+        cmp     [ebx + sshlib_connection.algo_mac_tx], SSHLIB_MAC_HMAC_SHA2_512_ETM
        je      .tx_hmac_sha2_512_etm

        jmp     .err_proto
@@ -445,7 +451,6 @@ endl

  .have_tx_crypt_and_mac:

-
 ; Re-seed RNG for padding bytes

        call    create_seed
@@ -454,6 +459,10 @@ endl
        xor     eax, eax
        ret

+  .err_no_algo:
+        mov     eax, SSHLIB_ERR_NO_ALGO
+        ret
+
  .err_hostname:
        mov     eax, SSHLIB_ERR_HOSTNAME
        ret
@@ -473,6 +482,144 @@ endp



+proc sshlib_algo_find_match uses ebx ecx edx edi, client_str, algo_list
+
+locals
+        server_str      dd ?
+        next_str        dd ?
+        current         dd ?
+endl
+
+        lodsd
+        mov     [server_str], esi
+        bswap   eax
+        lea     ecx, [esi + eax]
+        mov     [next_str], ecx
+
+        mov     edi, [client_str]
+        mov     edx, dword[edi]
+        bswap   edx
+        add     edi, 4
+        add     edx, edi        ; end of string
+
+  .go:
+        mov     [current], edi
+  .cmp:
+        cmp     esi, ecx
+        jae     .end_of_s
+        mov     al, byte[esi]
+        inc     esi
+  .cmp_1:
+        cmp     edi, edx
+        jae     .end_of_c
+        mov     bl, byte[edi]
+        inc     edi
+  .cmp_2:
+        cmp     al, bl
+        jne     .mismatch
+
+        cmp     al, ','
+        jne     .cmp
+
+; algo matches, print it to debug board
+        DEBUGF  2, "= "
+        mov     edi, [current]
+  @@:
+        cmp     edi, edx
+        jae     @f
+        mov     cl, byte[edi]
+        cmp     cl, ','
+        je      @f
+        mcall   63, 1
+        inc     edi
+        jmp     @r
+  @@:
+;        mcall   63, 1, 10       ; print newline
+
+; and now find it in algo list
+        mov     esi, [algo_list]
+  .algo_loop:
+        mov     edi, [current]
+        lodsd
+        mov     ebx, eax        ; algo code
+        test    eax, eax
+        jz      .no_match
+
+  .algo_charloop:
+        lodsb
+        test    al, al
+        jz      .check_end
+        cmp     al, byte[edi]
+        jne     .next_algo
+        inc     edi
+        cmp     edi, edx
+        jb      .algo_charloop
+; we reached end of input, check end of algo token
+        cmp     byte[esi], 0
+        je      .algo_match
+        jmp     .next_algo
+; we reached end of algo token, check end of input
+  .check_end:
+        cmp     byte[edi], ','
+        je      .algo_match
+
+  .next_algo_loop:
+        lodsb
+  .next_algo:
+        test    al, al
+        jnz     .next_algo_loop
+        jmp     .algo_loop
+
+  .algo_match:
+        mov     eax, ebx
+        mov     esi, [next_str]
+        DEBUGF  2," (%u)\n", eax
+        ret
+
+  .end_of_s:
+        mov     al, ','
+        jmp     .cmp_1
+
+  .end_of_c:
+        mov     bl, ','
+        jmp     .cmp_2
+
+  .mismatch:
+; character mismatch, reset client str and go to next server token
+        mov     edi, [current]
+  @@:
+        mov     al, byte[esi]
+        inc     esi
+
+        cmp     al, ','
+        je      .cmp
+
+        cmp     esi, ecx
+        jb      @r
+
+; end of server str, reset it and go to next client token
+        mov     esi, [server_str]
+  @@:
+        mov     bl, byte[edi]
+        inc     edi
+
+        cmp     bl, ','
+        je     .go
+
+        cmp     edi, edx
+        jb      @r
+
+; end of client str, no match found
+  .no_match:
+        xor     eax, eax
+        mov     esi, [next_str]
+        DEBUGF  2," (%u)\n", eax
+        ret
+
+endp
+
+
+

 ; Handle common messages and return to caller for specific ones
 proc sshlib_msg_handler, con_ptr, flags