From 9a1e9333b324096988e28a9ecab0b5fb9ce34fb5 Mon Sep 17 00:00:00 2001
From: hidnplayr
Date: Wed, 4 Aug 2021 10:40:43 +0000
Subject: [PATCH] Add support for RSA host authentication with SHA2-512 algorithm.
git-svn-id: svn://kolibrios.org@9114 a494cfbc-eb01-0410-851d-a64ba20cac60
---
 programs/network/ssh/ssh.asm | 7 ++++--
 programs/network/ssh/sshlib_host.inc | 36 ++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/programs/network/ssh/ssh.asm b/programs/network/ssh/ssh.asm
index eb7a38d414..740bb4dcd1 100644
--- a/programs/network/ssh/ssh.asm
+++ b/programs/network/ssh/ssh.asm
@@ -481,7 +481,7 @@ str24b db 10, 10, "If you trust this host, press A to accept and store the (new
 ssh_ident_ha:
 dd_n (ssh_msg_ident.length-2)
 ssh_msg_ident:
- db "SSH-2.0-KolibriOS_SSH_0.07",13,10
+ db "SSH-2.0-KolibriOS_SSH_0.08",13,10
 .length = $ - ssh_msg_ident
@@ -492,7 +492,7 @@ ssh_msg_kex:
 .kex_algorithms:
 str "diffie-hellman-group-exchange-sha256" ; diffie-hellman-group-exchange-sha1
 .server_host_key_algorithms:
- str "rsa-sha2-256,ssh-rsa" ;,ssh-dss
+ str "rsa-sha2-512,rsa-sha2-256,ssh-rsa" ;,ssh-dss
 .encryption_algorithms_client_to_server:
 str "aes256-ctr" ;,aes256-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128"
 .encryption_algorithms_server_to_client:
@@ -615,6 +615,9 @@ import console, \
 con_get_input, 'con_get_input'
 import libcrash, \
+ sha512_init, 'sha512_init', \
+ sha512_update, 'sha512_update', \
+ sha512_final, 'sha512_final',\
 sha256_init, 'sha256_init', \
 sha256_update, 'sha256_update', \
 sha256_final, 'sha256_final',\
diff --git a/programs/network/ssh/sshlib_host.inc b/programs/network/ssh/sshlib_host.inc
index 9261210c4e..919af60f9a 100644
--- a/programs/network/ssh/sshlib_host.inc
+++ b/programs/network/ssh/sshlib_host.inc
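Review bot: `ssh-rsa` remains in `.server_host_key_algorithms` after this change, so a server that selects it is still authenticated with a SHA-1 signature even though both SHA-2 variants are now offered. Putting the SHA-2 names first is the right preference order, but nothing on the line records that the last entry is a legacy fallback. I would say so next to the list, e.g. `; ssh-rsa (RSA with SHA-1) is offered last, only for servers without rsa-sha2-* support`, and plan to drop it once the SHA-2 paths have been exercised against the servers this client needs to reach.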
@@ -197,8 +197,8 @@ endl
 jne .not_sha2
 cmp dword[esi+16], '-256'
 je .sha2_256
-; cmp dword[esi+16], '-512'
-; je .sha2_512
+ cmp dword[esi+16], '-512'
+ je .sha2_512
 .not_sha2:
 jmp .err_signature
@@ -263,6 +263,36 @@ endl
 pop esi
 jmp .rsa
+ .sha2_512:
+ DEBUGF 3, "SSH: Using RSA with SHA2-512 hash\n"
+ add esi, 4+4+12
+ push esi
+
+; EMSA-PKCS1-v1_5
+ invoke sha512_init, [h_ctx]
+ invoke sha512_update, [h_ctx], [M], [message_len]
+ invoke sha512_final, [h_ctx]
+
+ mov edi, [EM_accent]
+ mov al, 0x00
+ stosb
+ mov al, 0x01
+ stosb
+ mov ecx, 256 - (rsa_sha512_T.len + 3 + SHA512_HASH_SIZE)
+ mov al, 0xff
+ rep stosb
+ mov al, 0x00
+ stosb
+ mov esi, rsa_sha512_T
+ mov ecx, rsa_sha512_T.len
+ rep movsb
+ mov esi, [h_ctx]
+ mov ecx, SHA512_HASH_SIZE
+ rep movsb
+
+ pop esi
+ jmp .rsa
+
 .rsa:
 ; RSA signature blob
 stdcall mpint_to_little_endian, [mpint_s], esi
@@ -381,6 +411,8 @@ iglobal
 .len = $ - rsa_sha1_T
 rsa_sha256_T db 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 .len = $ - rsa_sha256_T
+ rsa_sha512_T db 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+ .len = $ - rsa_sha512_T
 ssh_rsa_sz db 'ssh-rsa', 0
 endg
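Review bot: The padding count in `.sha2_512`, `mov ecx, 256 - (rsa_sha512_T.len + 3 + SHA512_HASH_SIZE)`, hard-codes a 256-byte encoded message, so the EMSA-PKCS1-v1_5 block is only correct for a 2048-bit modulus; RFC 8017 defines that length as the modulus size in octets. The comparison against the decrypted signature happens in `.rsa`, outside this hunk, so it is worth confirming that a host key of any other size fails verification cleanly rather than being checked over a 256-byte window. At minimum state the limit where it is used, e.g. `; EM' is built for a 2048-bit modulus (k = 256 octets) only`, and ideally derive the count from the host key's modulus length. The closing `jmp .rsa` lands on the label that directly follows it, and the block appears to duplicate the SHA2-256 path (not visible here), which a shared macro taking the hash routines and prefix table would avoid.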
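Review bot: `rsa_sha512_T` is added with no comment saying what its 19 bytes are, and a single wrong byte in this table would make every SHA2-512 host signature fail to verify with no hint as to why. The values match the SHA-512 DigestInfo prefix listed in RFC 8017 section 9.2, so record that on the line above: `; DER DigestInfo prefix for SHA-512, RFC 8017 section 9.2 (last byte 0x40 = 64-byte digest)`. The neighbouring `rsa_sha256_T` line has the same gap and could get the matching comment in the same pass.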