Add support for RSA host authentication with SHA2-512 algorithm.

git-svn-id: svn://kolibrios.org@9114 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
hidnplayr 2021-08-04 10:40:43 +00:00
parent 2b094111e9
commit 9a1e9333b3
2 changed files with 39 additions and 4 deletions

View File

@ -481,7 +481,7 @@ str24b db 10, 10, "If you trust this host, press A to accept and store the (new
ssh_ident_ha: ssh_ident_ha:
dd_n (ssh_msg_ident.length-2) dd_n (ssh_msg_ident.length-2)
ssh_msg_ident: ssh_msg_ident:
db "SSH-2.0-KolibriOS_SSH_0.07",13,10 db "SSH-2.0-KolibriOS_SSH_0.08",13,10
.length = $ - ssh_msg_ident .length = $ - ssh_msg_ident
@ -492,7 +492,7 @@ ssh_msg_kex:
.kex_algorithms: .kex_algorithms:
str "diffie-hellman-group-exchange-sha256" ; diffie-hellman-group-exchange-sha1 str "diffie-hellman-group-exchange-sha256" ; diffie-hellman-group-exchange-sha1
.server_host_key_algorithms: .server_host_key_algorithms:
str "rsa-sha2-256,ssh-rsa" ;,ssh-dss str "rsa-sha2-512,rsa-sha2-256,ssh-rsa" ;,ssh-dss
.encryption_algorithms_client_to_server: .encryption_algorithms_client_to_server:
str "aes256-ctr" ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128" str "aes256-ctr" ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128"
.encryption_algorithms_server_to_client: .encryption_algorithms_server_to_client:
@ -615,6 +615,9 @@ import console, \
con_get_input, 'con_get_input' con_get_input, 'con_get_input'
import libcrash, \ import libcrash, \
sha512_init, 'sha512_init', \
sha512_update, 'sha512_update', \
sha512_final, 'sha512_final',\
sha256_init, 'sha256_init', \ sha256_init, 'sha256_init', \
sha256_update, 'sha256_update', \ sha256_update, 'sha256_update', \
sha256_final, 'sha256_final',\ sha256_final, 'sha256_final',\

View File

@ -197,8 +197,8 @@ endl
jne .not_sha2 jne .not_sha2
cmp dword[esi+16], '-256' cmp dword[esi+16], '-256'
je .sha2_256 je .sha2_256
; cmp dword[esi+16], '-512' cmp dword[esi+16], '-512'
; je .sha2_512 je .sha2_512
.not_sha2: .not_sha2:
jmp .err_signature jmp .err_signature
@ -263,6 +263,36 @@ endl
pop esi pop esi
jmp .rsa jmp .rsa
.sha2_512:
DEBUGF 3, "SSH: Using RSA with SHA2-512 hash\n"
add esi, 4+4+12
push esi
; EMSA-PKCS1-v1_5
invoke sha512_init, [h_ctx]
invoke sha512_update, [h_ctx], [M], [message_len]
invoke sha512_final, [h_ctx]
mov edi, [EM_accent]
mov al, 0x00
stosb
mov al, 0x01
stosb
mov ecx, 256 - (rsa_sha512_T.len + 3 + SHA512_HASH_SIZE)
mov al, 0xff
rep stosb
mov al, 0x00
stosb
mov esi, rsa_sha512_T
mov ecx, rsa_sha512_T.len
rep movsb
mov esi, [h_ctx]
mov ecx, SHA512_HASH_SIZE
rep movsb
pop esi
jmp .rsa
.rsa: .rsa:
; RSA signature blob ; RSA signature blob
stdcall mpint_to_little_endian, [mpint_s], esi stdcall mpint_to_little_endian, [mpint_s], esi
@ -381,6 +411,8 @@ iglobal
.len = $ - rsa_sha1_T .len = $ - rsa_sha1_T
rsa_sha256_T db 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 rsa_sha256_T db 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
.len = $ - rsa_sha256_T .len = $ - rsa_sha256_T
rsa_sha512_T db 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
.len = $ - rsa_sha512_T
ssh_rsa_sz db 'ssh-rsa', 0 ssh_rsa_sz db 'ssh-rsa', 0
endg endg