Board.KolibriOS.org

Official KolibriOS board
All times are UTC+03:00

 Post subject: SSH client
PostPosted: Sat May 07, 2016 1:55 pm 
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1313
Here you can find an overview of the development of a native SSH client for KolibriOS.

Minimal TODO before inclusion in the nightbuild image:
    * Montgomery multiplication for Modular Exponentiation.
    * Move multi-precision math routines to separate library.
    * Automatic switching of SSH algorithms (encryption, MAC etc.)
    * Implement and test re-keying
    * Fix and test channel window byte counters

Nice to have:
    * More encryption algorithms (ChaCha20, AES-GCM)
    * Proper channel de-multiplexing (so we can add port forwarding and maybe even SFTP)
    * More host authentication algorithms
    * Public key user authentication

Security TODO:
    * Improve PRNG algorithm and seeding
    * Side channel attack mitigations in multi-precision math routines
    * Test for information 'leaks' (all passwords, keys etc. should be cleared from memory after usage)
    * ...

Done:
    * SSH transport routines with MAC and encryption (currently only AES256-CTR with SHA2-256)
    * Diffie-Hellman key exchange
    * Host authentication (RSA with SHA1, SHA2-256 or SHA2-512)
    * Public key storage for known remote hosts
    * User authentication (with user and password)
    * Shell

For those brave enough to test but not to assemble, the latest binaries can be downloaded from the build server:
https://builds.kolibrios.org/eng/data/p ... rk/ssh/ssh
https://builds.kolibrios.org/eng/data/p ... bcrash.obj
https://builds.kolibrios.org/eng/data/p ... onsole.obj

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


 Post subject: Re: SSH client
PostPosted: Sat May 07, 2016 4:20 pm
Mentor

Joined: Tue Mar 11, 2014 11:37 am
Posts: 184
Well done!

I hope we will get SSH soon :)

_________________
---
Check out the Netsurf Web Browser for KolibriOS.
Read the wiki and happy hacking with KolibriOS!


 Post subject: Re: SSH client
PostPosted: Sun May 08, 2016 1:36 am
Mentor/Kernel Developer

Joined: Thu Mar 26, 2015 5:16 pm
Posts: 1282
Quote:
Math enthusiasts may certainly improve current modular exponentiation routines.
Which routines? Can you test performance, to make sure it will not become worse?


Last edited by Pathoswithin on Mon May 09, 2016 12:36 am, edited 1 time in total.

 Post subject: Re: SSH client
PostPosted: Sun May 08, 2016 3:23 pm
KSoC/GSoC Student

Joined: Fri Mar 04, 2016 6:19 pm
Posts: 23
Good news!! :)
Also good news for development of TLS library :wink:

_________________
Kolibri <3


 Post subject: Re: SSH client
PostPosted: Sun May 08, 2016 10:37 pm
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1313
Quote:
Which routines? Can you test performance, to make sure it will not become worse?

I'm talking about the multi-precision math routines in mpint.inc.

It comes with a demo/test program (modexp.asm) which may easily be enhanced to measure the time a certain calculation takes.

One of the things is: now almost every math routine is hard-coded to work on 'MAX_BITS' bits, while the true length of a number will be less in reality. This now requires extra zeros, extra calculations and more space, but easier routines.

 Post subject: Re: SSH client
PostPosted: Mon May 09, 2016 1:58 am
Mentor/Kernel Developer

Joined: Thu Mar 26, 2015 5:16 pm
Posts: 1282
So, the main routine is mpint_modexp? And why do you think these routines can be much improved? Do we even need more performance?


 Post subject: Re: SSH client
PostPosted: Mon May 09, 2016 5:23 am
Mentor

Joined: Tue Mar 11, 2014 11:37 am
Posts: 184
Pathoswithin wrote:
So, the main routine is mpint_modexp? And why do you think these routines can be much improved? Do we even need more performance?


We _always_ need more performance. It is especially useful in libraries because a lot of userspace programs might use it in the future and the library shouldn't be a bottleneck.

 Post subject: Re: SSH client
PostPosted: Mon May 09, 2016 9:21 pm
Mentor/Kernel Developer

Joined: Thu Mar 26, 2015 5:16 pm
Posts: 1282
If I understand correctly, these routines will be used for key encryption, not the data itself? In that case, their part will be miserable.
Maybe I can improve the mpint_mul routine, but the test clearly shows that the bottleneck is mpint_mod, and I doubt something can be done with it.


Attachments:
modexp.asm [2.88 KiB]

 Post subject: Re: SSH client
PostPosted: Tue May 10, 2016 7:40 am
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1313
The modular exponentiation is required during key exchange; this is at connection time, but also later while re-keying after x bytes of data or x hours have passed.

I hear that the use of the Karatsuba multiplication algorithm and/or the Montgomery reduction algorithm may be useful.

 Post subject: Re: SSH client
PostPosted: Wed May 11, 2016 5:12 pm

Joined: Wed May 18, 2005 7:27 pm
Posts: 1001
I did not find a topic about TLS, so I put this link here: http://www.gnutls.org/ (http://permalink.gmane.org/gmane.networ ... neral/4127 http://www.opennet.ru/opennews/art.shtml?num=44393)


 Post subject: Re: SSH client
PostPosted: Tue Jul 20, 2021 11:17 pm
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1313
#9070, almost useable..

 Post subject: Re: SSH client
PostPosted: Wed Jul 21, 2021 6:05 am
Mentor

Joined: Mon Oct 19, 2009 10:58 am
Posts: 704
Congratulations!

How many years did it take to publish this MVP?
How many side projects did you have to implement to actually start working on SSH protocol itself?


 Post subject: Re: SSH client
PostPosted: Wed Jul 21, 2021 11:29 am
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1313
Dunkaist: It is quite the question! I'll try to give a sensible answer without boring all possible readers :)

Actually, when I started working on the KolibriOS project, I just wanted to write some network programs.
Soon I got frustrated with the capabilities of the then-current network stack and started a rewrite of the network stack. (#1)
One thing led to another, and many hours and lines of code later, it got merged into trunk and development is still ongoing.
(The scope of this 'side project' is hard to explain; it involved a rewrite of everything network-related: applications, drivers, protocol handlers and all the glue in between.)

For the SSH client specifically, some encryption-related components are of course needed.
We are building on the work of giants here, so there is no need to invent anything; I just wanted a clean implementation in FASM of the needed components.
I did not have to write any block ciphers (thanks to Dunkaist for AES, Echo for BlowFish, and possibly others),
but did write some code for the block chaining (CBC/CTR/..). (#2)
During Google Summer of Code 2016 I mentored a student by the name of Denis Karpenko who worked on TLS for KolibriOS. (#3)
One of the lasting outcomes of this is the implementation of HMAC written mostly by Denis. (With SHA256, SHA1 and MD5 from libcrash, developed by, you guessed it, Dunkaist.)
But then, the real pain for me: modular exponentiation of large integers, needed for the Diffie-Hellman handshake. (#4)
This code has been written from scratch and pushed me out of my comfort zone.
Only some days ago, I admitted to myself that testing mathematical code like this is impossible 'in-place'.
You need test vectors, and preferably a lot of them. So I found some we could use, applied them and fixed the code. (#5)
To be honest, writing the test program felt like a boring side project, but it is absolutely necessary and it was very satisfying to see it PASS!

I must have forgotten at least half the story, but this might give an impression.
I really should fix some issues with the PRNG now before someone actually decides to use this :)

Last edited by hidnplayr on Wed Jul 21, 2021 6:06 pm, edited 1 time in total.
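
Added example, not part of the original posts and not the project's FASM code from mpint.inc: a Python sketch of the Montgomery-reduction modular exponentiation mentioned in the May 10, 2016 post, checked the way the post above describes, against many test vectors (here Python's built-in pow() is the reference). The function names, the 32-bit limb size and the toy prime are assumptions made for the illustration.

```python
import random

def mont_setup(n, word_bits=32):
    """Precompute Montgomery constants for an odd modulus n (32-bit limbs assumed)."""
    if n < 1 or n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd, positive modulus")
    k = -(-n.bit_length() // word_bits) * word_bits    # R = 2^k, whole limbs, R > n
    n_inv = (-pow(n, -1, 1 << k)) % (1 << k)           # n * n_inv == -1 (mod R)
    return k, (1 << k) - 1, n_inv

def redc(t, n, k, mask, n_inv):
    """Return t * R^-1 mod n for 0 <= t < n*R, using only masks and shifts by R."""
    m = ((t & mask) * n_inv) & mask
    u = (t + m * n) >> k                 # exact: t + m*n is a multiple of R
    return u - n if u >= n else u        # data-dependent branch: not constant-time

def mont_modexp(base, exp, n):
    """Left-to-right square-and-multiply, every product reduced with redc()."""
    if exp < 0:
        raise ValueError("negative exponents are not supported")
    k, mask, n_inv = mont_setup(n)
    r2 = (1 << (2 * k)) % n              # one-time setup; the loop never divides by n
    x = redc((base % n) * r2, n, k, mask, n_inv)    # base in Montgomery form
    acc = redc(r2, n, k, mask, n_inv)               # 1 in Montgomery form (R mod n)
    for bit in bin(exp)[2:]:
        acc = redc(acc * acc, n, k, mask, n_inv)
        if bit == "1":                   # timing depends on the exponent bits
            acc = redc(acc * x, n, k, mask, n_inv)
    return redc(acc, n, k, mask, n_inv)  # convert back out of Montgomery form

def failing_vectors(rounds=200, seed=1):
    """Run constructed test vectors against Python's pow(); return the mismatches."""
    rng = random.Random(seed)            # fixed seed: reproducible vectors, not for keys
    vectors = [(0, 0, 1), (0, 5, 7), (5, 0, 7), (4, 13, 497), (2**64, 3, 2**61 - 1)]
    for _ in range(rounds):
        n = rng.getrandbits(rng.choice([64, 256, 1024])) | 1    # random odd modulus
        vectors.append((rng.getrandbits(1100), rng.getrandbits(256), n))
    return [v for v in vectors if mont_modexp(*v) != pow(*v)]

def dh_agree(p, g, a, b):
    """Diffie-Hellman: each side raises the other's public value to its own secret."""
    pub_a, pub_b = mont_modexp(g, a, p), mont_modexp(g, b, p)
    return mont_modexp(pub_b, a, p), mont_modexp(pub_a, b, p)

if __name__ == "__main__":
    assert failing_vectors() == []
    p = 2**127 - 1                       # toy prime for the demo, not an SSH group
    print(dh_agree(p, 3, 0x1234567890ABCDEF, 0xFEDCBA0987654321))
```

The two branches marked in the comments are the kind of data-dependent behaviour the "Security TODO" item on side channels in the first post refers to.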

 Post subject: Re: SSH client
PostPosted: Wed Jul 21, 2021 7:05 pm
Designer

Joined: Thu Jan 25, 2007 3:33 pm
Posts: 5600
Wow, that was an interesting read,
and you did a great job coming such a long way!

_________________
Per aspera ad astra


 Post subject: Re: SSH client
PostPosted: Mon Aug 02, 2021 9:45 pm
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1313
Version 0.05 #9106. Quite useable.
(Requires latest revision of console.obj)


Attachments:
VirtualBox_KolibriOS_31_07_2021_21_40_33.png [ 16.92 KiB ]
VirtualBox_KolibriOS_31_07_2021_21_40_25.png [ 17.74 KiB ]
VirtualBox_KolibriOS_31_07_2021_21_40_09.png [ 11.49 KiB ]