Board.KolibriOS.org

Here you can find an overview of the development of a native SSH client for KolibriOS.

TODO before inclusion in the nightbuild image:

• Montgomery multiplication for Modular Exponentiation.
• Move multi-precision math routines to separate library.
• Implement and test re-keying
• Fix and test channel window byte counters

Nice to have:

• More supported algorithms such as AES-GCM, UMAC,.. (They are also needed for TLS 1.3)
• Proper channel de-multiplexing (so we can add port forwarding and maybe even SFTP)
• More host authentication algorithms
• Public key user authentication

Security TODO:

• Improve PRNG algorithm and seeding
• Side channel attack mitigations (in multi-precision math routines but also other places)
• Test for information 'leaks' (all passwords, keys etc should be cleared from memory after usage)
• ...

Some of the things already done:

• SSH transport routines with authentication and encryption (aes256-ctr, hmac-sha2-256,, hmac-sha2-256-etm, poly1305-chacha20, ..)
• Diffie-Hellman key exchange (group exchange with SHA2-256)
• Host authentication (RSA with SHA1, SHA2-256 or SHA2-512)
• Public key storage for known remote hosts
• User authentication (with user and password)
• Shell

For those brave enough to test but not to assemble, latest binaries can be gotten from the build server:
https://builds.kolibrios.org/eng/data/p ... rk/ssh/ssh
https://builds.kolibrios.org/eng/data/p ... bcrash.obj
https://builds.kolibrios.org/eng/data/p ... onsole.obj

Well Done!

I hope, We will get SSH soon

Math enthusiasts may certainly improve current modular exponentiation routines.

Which routines? Can you test performance, to make sure it will not become worse?

Good news!!
Also good news for development of TLS library

Which routines? Can you test performance, to make sure it will not become worse?

I'm talking about the multi precision math routines in mpint.inc

It comes with a demo/test program (modexp.asm) which may easily be enhanced to measure time a certain calculation takes.

One of the things is; now almost every math routine is hard-coded to work on 'MAX_BITS' bits, while the true length of a number will be less in reality. This now requires extra zeros, extra calculations and more space, but easier routines.

So, the main routine is mpint_modexp? And why do you think these routines can be much improved? Do we even need more performance?

Pathoswithin wrote:So, the main routine is mpint_modexp? And why do you think these routines can be much improved? Do we even need more performance?

We _always_ need more performance. It is especially useful in libraries because a lot of userspace programs might use it in the future and the library shouldnt be a bottleneck.

If I understand correctly, these routines will be used for key encryption, not the data itself? In that case, their part will be miserable.
Maybe I can improve mpint_mul routine, but test shows clearly, that the bottleneck is mpint_mod, and I doubt something can be done with it.

The modular exponentiation is required during key exchange, this is at connection time, but also later while re-keying after x bytes of data or x hours have passed.

I hear that the use of Karatsuba multiplication algorithm and or Montgomery reduction algorithm may be useful.

Not found topic about TLS, so put this link http://www.gnutls.org/ here (http://permalink.gmane.org/gmane.networ ... neral/4127 http://www.opennet.ru/opennews/art.shtml?num=44393)

#9070, almost useable..

Congratulations!

How many years did it take to publish this MVP?
How many side projects did you have to implement to actually start working on SSH protocol itself?

Dunkaist: It is quite the question! I'll try to give a sensible answer without boring all possible readers

Actually, when I started working on KolibriOS project, I just wanted to write some network programs.
Soon I got frustrated with the capabilities of the then current network stack and started rewrite of the network stack. (#1)
One thing led to another, and many hours and lines of code later, it got merged into trunk and development is still ongoing.
(The scope of this 'side project' is hard to explain, it involved rewrite of everything network related: applications, drivers, protocol handlers and all glue in between.)

For SSH client specific, of course some encryption related components are needed.
We are building on the work of giants here, so no need to invent anything, I just wanted a clean implementation in FASM of the needed components.
I did not have to write any block ciphers (thanks to Dunkaist for AES, Echo for BlowFish, and possibly others)
but did write some code for the block chaining (CBC/CTR/..) (#2)
During Google Summer of Code 2016 I mentored a student by the name of Denis Karpenko who worked on TLS for KolibriOS. (#3)
One of the lasting outcomes of this is the implementation of HMAC written mostly by Denis. (With SHA256, SHA1 and MD5 from libcrash, developed by you guessed it: Dunkaist)
But then, the real pain for me.. Modular Exponentiation of large integers needed for Diffie-Hellman handshake. (#4)
This code has been written from scratch and pushed me out of my comfort zone.
Only some days ago, I admitted to myself that testing mathematical code like this is impossible 'in-place'.
You need test vectors, and preferably a lot of them. So I found some we could use, applied them and fixed the code. (#5)
To be honest, the writing of test program felt like a boring side project, but it is absolutely necessary and was very satisfying to see it PASS!

I must have forgotten at least half the story, but this might give an impression.
I really should fix some issues with PRNG now before someone actually decides to use this

Wow, that was an interesting reading,
and you did a great job passing a long way!

Version 0.05 #9106. Quite useable.
(Requires latest revision of console.obj)