#lang racket/base
;;
;;; Copyright 2010, 2011, 2012, 2013 Tony Garnock-Jones
;;;
;;; This file is part of marketplace-ssh.
;;;
;;; marketplace-ssh is free software: you can redistribute it and/or
;;; modify it under the terms of the GNU General Public License as
;;; published by the Free Software Foundation, either version 3 of the
;;; License, or (at your option) any later version.
;;;
;;; marketplace-ssh is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
;;; General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with marketplace-ssh. If not, see
;;; <http://www.gnu.org/licenses/>.

(require "mapping.rkt")
(provide (all-defined-out)) ;; I know, I know

;; Assigned numbers, from RFCs 4250 and 4344.

;; Protocol packets have message numbers in the range 1 to 255. These
;; numbers are allocated as follows:
;;
;; Transport layer protocol:
;;
;;   1 to 19    Transport layer generic (e.g., disconnect, ignore,
;;              debug, etc.)
;;   20 to 29   Algorithm negotiation
;;   30 to 49   Key exchange method specific (numbers can be reused
;;              for different authentication methods)
;;
;; User authentication protocol:
;;
;;   50 to 59   User authentication generic
;;   60 to 79   User authentication method specific (numbers can be
;;              reused for different authentication methods)
;;
;; Connection protocol:
;;
;;   80 to 89   Connection protocol generic
;;   90 to 127  Channel related messages
;;
;; Reserved for client protocols:
;;
;;   128 to 191 Reserved
;;
;; Local extensions:
;;
;;   192 to 255 Local extensions

;;; Message-number range predicates.
;;
;; Each predicate takes a protocol message number and answers whether
;; it lies in the corresponding range of the table above; both bounds
;; are inclusive.  The coarse predicates contain the finer ones:
;; ssh-msg-type-transport-layer? is the union of the -generic?,
;; -algorithm-negotiation? and -key-exchange? ranges, and likewise for
;; authentication and connection.
;;
;; Only the number is classified.  0 and anything above 255 satisfy
;; none of these predicates, and a non-real argument makes <= raise a
;; contract error, so a caller classifying a value read from the wire
;; should have checked it is a byte first.

(define (ssh-msg-type-transport-layer? msg-type)
  (<= 1 msg-type 49))

(define (ssh-msg-type-transport-layer-generic? msg-type)
  (<= 1 msg-type 19))

(define (ssh-msg-type-transport-layer-algorithm-negotiation? msg-type)
  (<= 20 msg-type 29))

(define (ssh-msg-type-transport-layer-key-exchange? msg-type)
  (<= 30 msg-type 49))

(define (ssh-msg-type-authentication? msg-type)
  (<= 50 msg-type 79))

(define (ssh-msg-type-authentication-generic? msg-type)
  (<= 50 msg-type 59))

(define (ssh-msg-type-authentication-specific? msg-type)
  (<= 60 msg-type 79))

(define (ssh-msg-type-connection? msg-type)
  (<= 80 msg-type 127))

(define (ssh-msg-type-connection-generic? msg-type)
  (<= 80 msg-type 89))

(define (ssh-msg-type-connection-channel? msg-type)
  (<= 90 msg-type 127))

(define (ssh-msg-type-client? msg-type)
  (<= 128 msg-type 191))

(define (ssh-msg-type-local? msg-type)
  (<= 192 msg-type 255))

;;; SSH message type IDs.
;;
;; Message ID                        Value  Reference
;; -----------                       -----  ---------
(define SSH_MSG_DISCONNECT                1) ;[SSH-TRANS]
(define SSH_MSG_IGNORE                    2) ;[SSH-TRANS]
(define SSH_MSG_UNIMPLEMENTED             3) ;[SSH-TRANS]
(define SSH_MSG_DEBUG                     4) ;[SSH-TRANS]
(define SSH_MSG_SERVICE_REQUEST           5) ;[SSH-TRANS]
(define SSH_MSG_SERVICE_ACCEPT            6) ;[SSH-TRANS]
(define SSH_MSG_KEXINIT                  20) ;[SSH-TRANS]
(define SSH_MSG_NEWKEYS                  21) ;[SSH-TRANS]
(define SSH_MSG_KEXDH_INIT               30) ;RFC 4253 errata
(define SSH_MSG_KEXDH_REPLY              31) ;RFC 4253 errata
(define SSH_MSG_USERAUTH_REQUEST         50) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_FAILURE         51) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_SUCCESS         52) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_BANNER          53) ;[SSH-USERAUTH]
(define SSH_MSG_GLOBAL_REQUEST           80) ;[SSH-CONNECT]
(define SSH_MSG_REQUEST_SUCCESS          81) ;[SSH-CONNECT]
(define SSH_MSG_REQUEST_FAILURE          82) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN             90) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN_FAILURE     92) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_WINDOW_ADJUST    93) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_DATA             94) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_EXTENDED_DATA    95) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_EOF              96) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_CLOSE            97) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_REQUEST          98) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_SUCCESS          99) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_FAILURE         100) ;[SSH-CONNECT]

;;; SSH_MSG_DISCONNECT reason codes.
;;
;; The following table identifies the initial assignments of the
;; SSH_MSG_DISCONNECT 'description' and 'reason code' values.  Code 4
;; is named RESERVED in the registry and is defined here only so the
;; numbering stays contiguous.
;;
;; Symbolic Name                                  reason code
;; -------------                                  -----------
(define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT     1)
(define SSH_DISCONNECT_PROTOCOL_ERROR                  2)
(define SSH_DISCONNECT_KEY_EXCHANGE_FAILED             3)
(define SSH_DISCONNECT_RESERVED                        4)
(define SSH_DISCONNECT_MAC_ERROR                       5)
(define SSH_DISCONNECT_COMPRESSION_ERROR               6)
(define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE           7)
(define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED  8)
(define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE         9)
(define SSH_DISCONNECT_CONNECTION_LOST                10)
(define SSH_DISCONNECT_BY_APPLICATION                 11)
(define SSH_DISCONNECT_TOO_MANY_CONNECTIONS           12)
(define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER         13)
(define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14)
(define SSH_DISCONNECT_ILLEGAL_USER_NAME              15)

;;; SSH_MSG_CHANNEL_OPEN_FAILURE reason codes.
;;
;; The initial assignments for the 'reason code' values and
;; 'description' values are given in the table below.  Note that the
;; values for the 'reason code' are given in decimal format for
;; readability, but they are actually uint32 values on the wire.
;;
;; Symbolic Name                           reason code
;; -------------                           -----------
(define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1)
(define SSH_OPEN_CONNECT_FAILED              2)
(define SSH_OPEN_UNKNOWN_CHANNEL_TYPE        3)
(define SSH_OPEN_RESOURCE_SHORTAGE           4)

;;; SSH_MSG_CHANNEL_EXTENDED_DATA data type codes.
;;
;; The initial assignments for the 'data_type_code' values and 'data'
;; values are given in the table below.  Note that the value for the
;; 'data_type_code' is given in decimal format for readability, but
;; the values are actually uint32 values on the wire.
;;
;; Symbolic name             data_type_code
;; -------------             --------------
(define SSH_EXTENDED_DATA_STDERR 1)

;; The following table identifies the initial assignments of the opcode
;; values that are used in the 'encoded terminal modes' value.
;;; Terminal mode opcodes (the 'encoded terminal modes' value of a
;;; pty-req, see [SSH-CONNECT]).
;;
;; define-mapping comes from "mapping.rkt", which is not visible here.
;; From the shape of this use, integer->terminal-mode-opcode maps a
;; numeric opcode to its mnemonic symbol and
;; terminal-mode-opcode->integer does the reverse.  #:forward-default
;; values / #:backward-default values presumably make a lookup miss
;; return the key unchanged (i.e. an unknown opcode number comes back
;; as that number) instead of raising -- TODO confirm against
;; mapping.rkt.
;;
;; NOTE(review): if that reading is right, this table never rejects an
;; opcode it does not know; a decoder walking the wire encoding still
;; has to bound the opcode and the length of what follows itself.
(define-mapping integer->terminal-mode-opcode terminal-mode-opcode->integer
  #:forward-default values
  #:backward-default values
  ;; opcode  mnemonic       description
  ;; ------  --------       -----------
  (0   TTY_OP_END)     ; Indicates end of options.
  (1   VINTR)          ; Interrupt character; 255 if none.  Similarly
                       ; for the other characters.  Not all of these
                       ; characters are supported on all systems.
  (2   VQUIT)          ; The quit character (sends SIGQUIT signal on
                       ; POSIX systems).
  (3   VERASE)         ; Erase the character to left of the cursor.
  (4   VKILL)          ; Kill the current input line.
  (5   VEOF)           ; End-of-file character (sends EOF from the
                       ; terminal).
  (6   VEOL)           ; End-of-line character in addition to
                       ; carriage return and/or linefeed.
  (7   VEOL2)          ; Additional end-of-line character.
  (8   VSTART)         ; Continues paused output (normally
                       ; control-Q).
  (9   VSTOP)          ; Pauses output (normally control-S).
  (10  VSUSP)          ; Suspends the current program.
  (11  VDSUSP)         ; Another suspend character.
  (12  VREPRINT)       ; Reprints the current input line.
  (13  VWERASE)        ; Erases a word left of cursor.
  (14  VLNEXT)         ; Enter the next character typed literally,
                       ; even if it is a special character.
  (15  VFLUSH)         ; Character to flush output.
  (16  VSWTCH)         ; Switch to a different shell layer.
  (17  VSTATUS)        ; Prints system status line (load, command,
                       ; pid, etc).
  (18  VDISCARD)       ; Toggles the flushing of terminal output.
  (30  IGNPAR)         ; The ignore parity flag.  The parameter
                       ; SHOULD be 0 if this flag is FALSE,
                       ; and 1 if it is TRUE.
  (31  PARMRK)         ; Mark parity and framing errors.
  (32  INPCK)          ; Enable checking of parity errors.
  (33  ISTRIP)         ; Strip 8th bit off characters.
  (34  INLCR)          ; Map NL into CR on input.
  (35  IGNCR)          ; Ignore CR on input.
  (36  ICRNL)          ; Map CR to NL on input.
  (37  IUCLC)          ; Translate uppercase characters to
                       ; lowercase.
  (38  IXON)           ; Enable output flow control.
  (39  IXANY)          ; Any char will restart after stop.
  (40  IXOFF)          ; Enable input flow control.
  (41  IMAXBEL)        ; Ring bell on input queue full.
  (50  ISIG)           ; Enable signals INTR, QUIT, [D]SUSP.
  (51  ICANON)         ; Canonicalize input lines.
  (52  XCASE)          ; Enable input and output of uppercase
                       ; characters by preceding their lowercase
                       ; equivalents with "\".
  (53  ECHO)           ; Enable echoing.
  (54  ECHOE)          ; Visually erase chars.
  (55  ECHOK)          ; Kill character discards current line.
  (56  ECHONL)         ; Echo NL even if ECHO is off.
  (57  NOFLSH)         ; Don't flush after interrupt.
  (58  TOSTOP)         ; Stop background jobs from output.
  (59  IEXTEN)         ; Enable extensions.
  (60  ECHOCTL)        ; Echo control characters as ^(Char).
  (61  ECHOKE)         ; Visual erase for line kill.
  (62  PENDIN)         ; Retype pending input.
  (70  OPOST)          ; Enable output processing.
  (71  OLCUC)          ; Convert lowercase to uppercase.
  (72  ONLCR)          ; Map NL to CR-NL.
  (73  OCRNL)          ; Translate carriage return to newline
                       ; (output).
  (74  ONOCR)          ; Translate newline to carriage
                       ; return-newline (output).
  (75  ONLRET)         ; Newline performs a carriage return
                       ; (output).
  (90  CS7)            ; 7 bit mode.
  (91  CS8)            ; 8 bit mode.
  (92  PARENB)         ; Parity enable.
  (93  PARODD)         ; Odd parity, else even.
  (128 TTY_OP_ISPEED)  ; Specifies the input baud rate in
                       ; bits per second.
  (129 TTY_OP_OSPEED)  ; Specifies the output baud rate in
                       ; bits per second.
  )

;;; Service names.
;;
;; The 'service name' is used to describe a protocol layer.  The
;; following table lists the initial assignments of the 'service name'
;; values.  Symbols, not strings: a caller comparing against a name
;; read from the wire has to convert first.
(define ssh-service-names
  '(
    ;; Service Name   Reference
    ;; -------------  ---------
    ssh-userauth      ;[SSH-USERAUTH]
    ssh-connection    ;[SSH-CONNECT]
    ))

;;; Authentication method names.
;;
;; The Authentication Method Name is used to describe an authentication
;; method for the "ssh-userauth" service [SSH-USERAUTH].  The following
;; table identifies the initial assignments of the Authentication
;; Method Names.  This is the registry list, not a policy: 'none' is
;; here because the registry defines it ([SSH-USERAUTH, Section 5.2]
;; says when a server may accept it); whether any method is offered or
;; accepted is decided outside this file.
(define ssh-authentication-method-names
  '(
    ;; Method Name    Reference
    ;; ------------   ---------
    publickey         ;[SSH-USERAUTH, Section 7]
    password          ;[SSH-USERAUTH, Section 8]
    hostbased         ;[SSH-USERAUTH, Section 9]
    none              ;[SSH-USERAUTH, Section 5.2]
    ))

;; The following table lists the initial assignments of the Connection
;; Protocol Channel Types.
;;; Channel types.  Registry names as symbols; what this implementation
;;; actually accepts in SSH_MSG_CHANNEL_OPEN is decided elsewhere.
(define ssh-channel-type-names
  '(
    ;; Channel type     Reference
    ;; ------------     ---------
    session             ;[SSH-CONNECT, Section 6.1]
    x11                 ;[SSH-CONNECT, Section 6.3.2]
    forwarded-tcpip     ;[SSH-CONNECT, Section 7.2]
    direct-tcpip        ;[SSH-CONNECT, Section 7.2]
    ))

;;; Global request names.
;;
;; The following table lists the initial assignments of the Connection
;; Protocol Global Request Names.
(define ssh-global-request-names
  '(
    ;; Request type         Reference
    ;; ------------         ---------
    tcpip-forward           ;[SSH-CONNECT, Section 7.1]
    cancel-tcpip-forward    ;[SSH-CONNECT, Section 7.1]
    ))

;;; Channel request names.
;;
;; The following table lists the initial assignments of the Connection
;; Protocol Channel Request Names.
(define ssh-channel-request-names
  '(
    ;; Request type     Reference
    ;; ------------     ---------
    pty-req             ;[SSH-CONNECT, Section 6.2]
    x11-req             ;[SSH-CONNECT, Section 6.3.1]
    env                 ;[SSH-CONNECT, Section 6.4]
    shell               ;[SSH-CONNECT, Section 6.5]
    exec                ;[SSH-CONNECT, Section 6.5]
    subsystem           ;[SSH-CONNECT, Section 6.5]
    window-change       ;[SSH-CONNECT, Section 6.7]
    xon-xoff            ;[SSH-CONNECT, Section 6.8]
    signal              ;[SSH-CONNECT, Section 6.9]
    exit-status         ;[SSH-CONNECT, Section 6.10]
    exit-signal         ;[SSH-CONNECT, Section 6.10]
    ))

;;; Signal names.
;;
;; The following table lists the initial assignments of the Signal
;; Names (as carried in 'signal' and 'exit-signal' channel requests,
;; without the SIG prefix).
(define ssh-signal-names
  '(
    ;; Signal   Reference
    ;; ------   ---------
    ABRT        ;[SSH-CONNECT]
    ALRM        ;[SSH-CONNECT]
    FPE         ;[SSH-CONNECT]
    HUP         ;[SSH-CONNECT]
    ILL         ;[SSH-CONNECT]
    INT         ;[SSH-CONNECT]
    KILL        ;[SSH-CONNECT]
    PIPE        ;[SSH-CONNECT]
    QUIT        ;[SSH-CONNECT]
    SEGV        ;[SSH-CONNECT]
    TERM        ;[SSH-CONNECT]
    USR1        ;[SSH-CONNECT]
    USR2        ;[SSH-CONNECT]
    ))

;;; Key exchange method names.
;;
;; The following table identifies the initial assignments of the key
;; exchange methods.  Registry names only: group1 uses the smaller of
;; the two fixed groups.  Which methods are offered in KEXINIT, and in
;; what preference order, is decided outside this file.
(define ssh-key-exchange-method-names
  '(
    ;; Method name                  Reference
    ;; ------------                 ---------
    diffie-hellman-group1-sha1      ;[SSH-TRANS, Section 8.1]
    diffie-hellman-group14-sha1     ;[SSH-TRANS, Section 8.2]
    ))

;; The following table identifies the initial assignment of the
;; Encryption Algorithm Names.
;;; Encryption algorithm names.
;;
;; This is the registry list from [SSH-TRANS] plus the SDCTR modes
;; from RFC 4344, in registry order.  It includes entries that exist
;; only because the registry defines them -- 'none' (no encryption),
;; 'arcfour', and 'des-cbc' (marked HISTORIC in the table) -- so
;; membership here says nothing about what this implementation should
;; offer or accept at KEXINIT time; that choice is made outside this
;; file.  The RECOMMENDED/OPTIONAL labels are RFC 4344's, not ours.
(define ssh-encryption-algorithm-names
  '(
    ;; Encryption Algorithm Name   Reference
    ;; -------------------------   ---------
    3des-cbc            ;[SSH-TRANS, Section 6.3]
    blowfish-cbc        ;[SSH-TRANS, Section 6.3]
    twofish256-cbc      ;[SSH-TRANS, Section 6.3]
    twofish-cbc         ;[SSH-TRANS, Section 6.3]
    twofish192-cbc      ;[SSH-TRANS, Section 6.3]
    twofish128-cbc      ;[SSH-TRANS, Section 6.3]
    aes256-cbc          ;[SSH-TRANS, Section 6.3]
    aes192-cbc          ;[SSH-TRANS, Section 6.3]
    aes128-cbc          ;[SSH-TRANS, Section 6.3]
    serpent256-cbc      ;[SSH-TRANS, Section 6.3]
    serpent192-cbc      ;[SSH-TRANS, Section 6.3]
    serpent128-cbc      ;[SSH-TRANS, Section 6.3]
    arcfour             ;[SSH-TRANS, Section 6.3]
    idea-cbc            ;[SSH-TRANS, Section 6.3]
    cast128-cbc         ;[SSH-TRANS, Section 6.3]
    none                ;[SSH-TRANS, Section 6.3]
    des-cbc             ;[FIPS-46-3] HISTORIC; See
                        ; page 4 of [FIPS-46-3]
    ;; (From RFC 4344):
    aes128-ctr          ;RECOMMENDED  AES (Rijndael) in SDCTR mode,
                        ;             with 128-bit key
    aes192-ctr          ;RECOMMENDED  AES with 192-bit key
    aes256-ctr          ;RECOMMENDED  AES with 256-bit key
    3des-ctr            ;RECOMMENDED  Three-key 3DES in SDCTR mode
    blowfish-ctr        ;OPTIONAL     Blowfish in SDCTR mode
    twofish128-ctr      ;OPTIONAL     Twofish in SDCTR mode,
                        ;             with 128-bit key
    twofish192-ctr      ;OPTIONAL     Twofish with 192-bit key
    twofish256-ctr      ;OPTIONAL     Twofish with 256-bit key
    serpent128-ctr      ;OPTIONAL     Serpent in SDCTR mode, with
                        ;             128-bit key
    serpent192-ctr      ;OPTIONAL     Serpent with 192-bit key
    serpent256-ctr      ;OPTIONAL     Serpent with 256-bit key
    idea-ctr            ;OPTIONAL     IDEA in SDCTR mode
    cast128-ctr         ;OPTIONAL     CAST-128 in SDCTR mode,
                        ;             with 128-bit key
    ))

;;; MAC algorithm names.
;;
;; The following table identifies the initial assignments of the MAC
;; Algorithm Names.  As with the cipher list, 'none' is present because
;; the registry defines it, not because it should be negotiated.
(define ssh-mac-algorithm-names
  '(
    ;; MAC Algorithm Name   Reference
    ;; ------------------   ---------
    hmac-sha1       ;[SSH-TRANS, Section 6.4]
    hmac-sha1-96    ;[SSH-TRANS, Section 6.4]
    hmac-md5        ;[SSH-TRANS, Section 6.4]
    hmac-md5-96     ;[SSH-TRANS, Section 6.4]
    none            ;[SSH-TRANS, Section 6.4]
    ))

;; The following table identifies the initial assignments of the Public
;; Key Algorithm names.
;;; Public key algorithm names (host key / signature formats).
;;; Registry names only; which formats are accepted for host keys and
;;; user keys is decided outside this file.
(define ssh-public-key-algorithm-names
  '(
    ;; Public Key Algorithm Name   Reference
    ;; -------------------------   ---------
    ssh-dss         ;[SSH-TRANS, Section 6.6]
    ssh-rsa         ;[SSH-TRANS, Section 6.6]
    pgp-sign-rsa    ;[SSH-TRANS, Section 6.6]
    pgp-sign-dss    ;[SSH-TRANS, Section 6.6]
    ))

;;; Compression algorithm names.
;;
;; The following table identifies the initial assignments of the
;; Compression Algorithm names.
(define ssh-compression-algorithm-names
  '(
    ;; Compression Algorithm Name   Reference
    ;; --------------------------   ---------
    none    ;[SSH-TRANS, Section 6.2]
    zlib    ;[SSH-TRANS, Section 6.2]
    ))