Historical interest only: marketplace-2014 implementation of SSH.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

396 lines
19 KiB

#lang racket/base
;;
;;; Copyright 2010, 2011, 2012, 2013 Tony Garnock-Jones <tonyg@ccs.neu.edu>
;;;
;;; This file is part of marketplace-ssh.
;;;
;;; marketplace-ssh is free software: you can redistribute it and/or
;;; modify it under the terms of the GNU General Public License as
;;; published by the Free Software Foundation, either version 3 of the
;;; License, or (at your option) any later version.
;;;
;;; marketplace-ssh is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
;;; General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with marketplace-ssh. If not, see
;;; <http://www.gnu.org/licenses/>.
(require "mapping.rkt")
(provide (all-defined-out)) ;; I know, I know
;; Assigned numbers, from RFCs 4250 and 4344.
;; Protocol packets have message numbers in the range 1 to 255. These
;; numbers are allocated as follows:
;;
;; Transport layer protocol:
;;
;; 1 to 19 Transport layer generic (e.g., disconnect, ignore,
;; debug, etc.)
;; 20 to 29 Algorithm negotiation
;; 30 to 49 Key exchange method specific (numbers can be reused
;; for different authentication methods)
;;
;; User authentication protocol:
;;
;; 50 to 59 User authentication generic
;; 60 to 79 User authentication method specific (numbers can be
;; reused for different authentication methods)
;;
;; Connection protocol:
;;
;; 80 to 89 Connection protocol generic
;; 90 to 127 Channel related messages
;;
;; Reserved for client protocols:
;;
;; 128 to 191 Reserved
;;
;; Local extensions:
;;
;; 192 to 255 Local extensions
(define (ssh-msg-type-transport-layer? msg-type) (>= 49 msg-type 1))
(define (ssh-msg-type-transport-layer-generic? msg-type) (>= 19 msg-type 1))
(define (ssh-msg-type-transport-layer-algorithm-negotiation? msg-type) (>= 29 msg-type 20))
(define (ssh-msg-type-transport-layer-key-exchange? msg-type) (>= 49 msg-type 30))
(define (ssh-msg-type-authentication? msg-type) (>= 79 msg-type 50))
(define (ssh-msg-type-authentication-generic? msg-type) (>= 59 msg-type 50))
(define (ssh-msg-type-authentication-specific? msg-type) (>= 79 msg-type 60))
(define (ssh-msg-type-connection? msg-type) (>= 127 msg-type 80))
(define (ssh-msg-type-connection-generic? msg-type) (>= 89 msg-type 80))
(define (ssh-msg-type-connection-channel? msg-type) (>= 127 msg-type 90))
(define (ssh-msg-type-client? msg-type) (>= 191 msg-type 128))
(define (ssh-msg-type-local? msg-type) (>= 255 msg-type 192))
;;; SSH message type IDs.
;;
;; Message ID Value Reference
;; ----------- ----- ---------
(define SSH_MSG_DISCONNECT 1) ;[SSH-TRANS]
(define SSH_MSG_IGNORE 2) ;[SSH-TRANS]
(define SSH_MSG_UNIMPLEMENTED 3) ;[SSH-TRANS]
(define SSH_MSG_DEBUG 4) ;[SSH-TRANS]
(define SSH_MSG_SERVICE_REQUEST 5) ;[SSH-TRANS]
(define SSH_MSG_SERVICE_ACCEPT 6) ;[SSH-TRANS]
(define SSH_MSG_KEXINIT 20) ;[SSH-TRANS]
(define SSH_MSG_NEWKEYS 21) ;[SSH-TRANS]
(define SSH_MSG_KEXDH_INIT 30) ;RFC 4253 errata
(define SSH_MSG_KEXDH_REPLY 31) ;RFC 4253 errata
(define SSH_MSG_USERAUTH_REQUEST 50) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_FAILURE 51) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_SUCCESS 52) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_BANNER 53) ;[SSH-USERAUTH]
(define SSH_MSG_GLOBAL_REQUEST 80) ;[SSH-CONNECT]
(define SSH_MSG_REQUEST_SUCCESS 81) ;[SSH-CONNECT]
(define SSH_MSG_REQUEST_FAILURE 82) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN 90) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN_FAILURE 92) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_WINDOW_ADJUST 93) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_DATA 94) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_EXTENDED_DATA 95) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_EOF 96) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_CLOSE 97) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_REQUEST 98) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_SUCCESS 99) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_FAILURE 100) ;[SSH-CONNECT]
;; The following table identifies the initial assignments of the
;; SSH_MSG_DISCONNECT 'description' and 'reason code' values.
;;
;; Symbolic Name reason code
;; ------------- -----------
(define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1)
(define SSH_DISCONNECT_PROTOCOL_ERROR 2)
(define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3)
(define SSH_DISCONNECT_RESERVED 4)
(define SSH_DISCONNECT_MAC_ERROR 5)
(define SSH_DISCONNECT_COMPRESSION_ERROR 6)
(define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7)
(define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8)
(define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9)
(define SSH_DISCONNECT_CONNECTION_LOST 10)
(define SSH_DISCONNECT_BY_APPLICATION 11)
(define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12)
(define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13)
(define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14)
(define SSH_DISCONNECT_ILLEGAL_USER_NAME 15)
;; The initial assignments for the 'reason code' values and
;; 'description' values are given in the table below. Note that the
;; values for the 'reason code' are given in decimal format for
;; readability, but they are actually uint32 values.
;;
;; Symbolic Name reason code
;; ------------- -----------
(define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1)
(define SSH_OPEN_CONNECT_FAILED 2)
(define SSH_OPEN_UNKNOWN_CHANNEL_TYPE 3)
(define SSH_OPEN_RESOURCE_SHORTAGE 4)
;; The initial assignments for the 'data_type_code' values and 'data'
;; values are given in the table below. Note that the value for the
;; 'data_type_code' is given in decimal format for readability, but the
;; values are actually uint32 values.
;;
;; Symbolic name data_type_code
;; ------------- --------------
(define SSH_EXTENDED_DATA_STDERR 1)
;; The following table identifies the initial assignments of the opcode
;; values that are used in the 'encoded terminal modes' value.
(define-mapping integer->terminal-mode-opcode terminal-mode-opcode->integer
#:forward-default values
#:backward-default values
;; opcode mnemonic description
;; ------ -------- -----------
(0 TTY_OP_END);Indicates end of options.
(1 VINTR) ;Interrupt character; 255 if none. Similarly
; for the other characters. Not all of these
; characters are supported on all systems.
(2 VQUIT) ;The quit character (sends SIGQUIT signal on
; POSIX systems).
(3 VERASE) ;Erase the character to left of the cursor.
(4 VKILL) ;Kill the current input line.
(5 VEOF) ;End-of-file character (sends EOF from the
; terminal).
(6 VEOL) ;End-of-line character in addition to
; carriage return and/or linefeed.
(7 VEOL2) ;Additional end-of-line character.
(8 VSTART) ;Continues paused output (normally
; control-Q).
(9 VSTOP) ;Pauses output (normally control-S).
(10 VSUSP) ;Suspends the current program.
(11 VDSUSP) ;Another suspend character.
(12 VREPRINT) ;Reprints the current input line.
(13 VWERASE) ;Erases a word left of cursor.
(14 VLNEXT) ;Enter the next character typed literally,
; even if it is a special character
(15 VFLUSH) ;Character to flush output.
(16 VSWTCH) ;Switch to a different shell layer.
(17 VSTATUS) ;Prints system status line (load, command,
; pid, etc).
(18 VDISCARD) ;Toggles the flushing of terminal output.
(30 IGNPAR) ;The ignore parity flag. The parameter
; SHOULD be 0 if this flag is FALSE,
; and 1 if it is TRUE.
(31 PARMRK) ;Mark parity and framing errors.
(32 INPCK) ;Enable checking of parity errors.
(33 ISTRIP) ;Strip 8th bit off characters.
(34 INLCR) ;Map NL into CR on input.
(35 IGNCR) ;Ignore CR on input.
(36 ICRNL) ;Map CR to NL on input.
(37 IUCLC) ;Translate uppercase characters to
; lowercase.
(38 IXON) ;Enable output flow control.
(39 IXANY) ;Any char will restart after stop.
(40 IXOFF) ;Enable input flow control.
(41 IMAXBEL) ;Ring bell on input queue full.
(50 ISIG) ;Enable signals INTR, QUIT, [D]SUSP.
(51 ICANON) ;Canonicalize input lines.
(52 XCASE) ;Enable input and output of uppercase
; characters by preceding their lowercase
; equivalents with "\".
(53 ECHO) ;Enable echoing.
(54 ECHOE) ;Visually erase chars.
(55 ECHOK) ;Kill character discards current line.
(56 ECHONL) ;Echo NL even if ECHO is off.
(57 NOFLSH) ;Don't flush after interrupt.
(58 TOSTOP) ;Stop background jobs from output.
(59 IEXTEN) ;Enable extensions.
(60 ECHOCTL) ;Echo control characters as ^(Char).
(61 ECHOKE) ;Visual erase for line kill.
(62 PENDIN) ;Retype pending input.
(70 OPOST) ;Enable output processing.
(71 OLCUC) ;Convert lowercase to uppercase.
(72 ONLCR) ;Map NL to CR-NL.
(73 OCRNL) ;Translate carriage return to newline
; (output).
(74 ONOCR) ;Translate newline to carriage
; return-newline (output).
(75 ONLRET) ;Newline performs a carriage return
; (output).
(90 CS7) ;7 bit mode.
(91 CS8) ;8 bit mode.
(92 PARENB) ;Parity enable.
(93 PARODD) ;Odd parity, else even.
(128 TTY_OP_ISPEED);Specifies the input baud rate in
; bits per second.
(129 TTY_OP_OSPEED);Specifies the output baud rate in
; bits per second.
)
;; The 'service name' is used to describe a protocol layer. The
;; following table lists the initial assignments of the 'service name'
;; values.
(define ssh-service-names '(
;; Service Name Reference
;; ------------- ---------
ssh-userauth ;[SSH-USERAUTH]
ssh-connection ;[SSH-CONNECT]
))
;; The Authentication Method Name is used to describe an authentication
;; method for the "ssh-userauth" service [SSH-USERAUTH]. The following
;; table identifies the initial assignments of the Authentication Method
;; Names.
(define ssh-authentication-method-names '(
;; Method Name Reference
;; ------------ ---------
publickey ;[SSH-USERAUTH, Section 7]
password ;[SSH-USERAUTH, Section 8]
hostbased ;[SSH-USERAUTH, Section 9]
none ;[SSH-USERAUTH, Section 5.2]
))
;; The following table lists the initial assignments of the Connection
;; Protocol Channel Types.
(define ssh-channel-type-names '(
;; Channel type Reference
;; ------------ ---------
session ;[SSH-CONNECT, Section 6.1]
x11 ;[SSH-CONNECT, Section 6.3.2]
forwarded-tcpip ;[SSH-CONNECT, Section 7.2]
direct-tcpip ;[SSH-CONNECT, Section 7.2]
))
;; The following table lists the initial assignments of the Connection
;; Protocol Global Request Names.
(define ssh-global-request-names '(
;; Request type Reference
;; ------------ ---------
tcpip-forward ;[SSH-CONNECT, Section 7.1]
cancel-tcpip-forward ;[SSH-CONNECT, Section 7.1]
))
;; The following table lists the initial assignments of the Connection
;; Protocol Channel Request Names.
(define ssh-channel-request-names '(
;; Request type Reference
;; ------------ ---------
pty-req ;[SSH-CONNECT, Section 6.2]
x11-req ;[SSH-CONNECT, Section 6.3.1]
env ;[SSH-CONNECT, Section 6.4]
shell ;[SSH-CONNECT, Section 6.5]
exec ;[SSH-CONNECT, Section 6.5]
subsystem ;[SSH-CONNECT, Section 6.5]
window-change ;[SSH-CONNECT, Section 6.7]
xon-xoff ;[SSH-CONNECT, Section 6.8]
signal ;[SSH-CONNECT, Section 6.9]
exit-status ;[SSH-CONNECT, Section 6.10]
exit-signal ;[SSH-CONNECT, Section 6.10]
))
;; The following table lists the initial assignments of the Signal
;; Names.
(define ssh-signal-names '(
;; Signal Reference
;; ------ ---------
ABRT ;[SSH-CONNECT]
ALRM ;[SSH-CONNECT]
FPE ;[SSH-CONNECT]
HUP ;[SSH-CONNECT]
ILL ;[SSH-CONNECT]
INT ;[SSH-CONNECT]
KILL ;[SSH-CONNECT]
PIPE ;[SSH-CONNECT]
QUIT ;[SSH-CONNECT]
SEGV ;[SSH-CONNECT]
TERM ;[SSH-CONNECT]
USR1 ;[SSH-CONNECT]
USR2 ;[SSH-CONNECT]
))
;; The following table identifies the initial assignments of the key
;; exchange methods.
(define ssh-key-exchange-method-names '(
;; Method name Reference
;; ------------ ---------
diffie-hellman-group1-sha1 ;[SSH-TRANS, Section 8.1]
diffie-hellman-group14-sha1 ;[SSH-TRANS, Section 8.2]
))
;; The following table identifies the initial assignment of the
;; Encryption Algorithm Names.
(define ssh-encryption-algorithm-names '(
;; Encryption Algorithm Name Reference
;; ------------------------- ---------
3des-cbc ;[SSH-TRANS, Section 6.3]
blowfish-cbc ;[SSH-TRANS, Section 6.3]
twofish256-cbc ;[SSH-TRANS, Section 6.3]
twofish-cbc ;[SSH-TRANS, Section 6.3]
twofish192-cbc ;[SSH-TRANS, Section 6.3]
twofish128-cbc ;[SSH-TRANS, Section 6.3]
aes256-cbc ;[SSH-TRANS, Section 6.3]
aes192-cbc ;[SSH-TRANS, Section 6.3]
aes128-cbc ;[SSH-TRANS, Section 6.3]
serpent256-cbc ;[SSH-TRANS, Section 6.3]
serpent192-cbc ;[SSH-TRANS, Section 6.3]
serpent128-cbc ;[SSH-TRANS, Section 6.3]
arcfour ;[SSH-TRANS, Section 6.3]
idea-cbc ;[SSH-TRANS, Section 6.3]
cast128-cbc ;[SSH-TRANS, Section 6.3]
none ;[SSH-TRANS, Section 6.3]
des-cbc ;[FIPS-46-3] HISTORIC; See
; page 4 of [FIPS-46-3]
;; (From RFC 4344):
aes128-ctr ;RECOMMENDED AES (Rijndael) in SDCTR mode,
; with 128-bit key
aes192-ctr ;RECOMMENDED AES with 192-bit key
aes256-ctr ;RECOMMENDED AES with 256-bit key
3des-ctr ;RECOMMENDED Three-key 3DES in SDCTR mode
blowfish-ctr ;OPTIONAL Blowfish in SDCTR mode
twofish128-ctr ;OPTIONAL Twofish in SDCTR mode,
; with 128-bit key
twofish192-ctr ;OPTIONAL Twofish with 192-bit key
twofish256-ctr ;OPTIONAL Twofish with 256-bit key
serpent128-ctr ;OPTIONAL Serpent in SDCTR mode, with
; 128-bit key
serpent192-ctr ;OPTIONAL Serpent with 192-bit key
serpent256-ctr ;OPTIONAL Serpent with 256-bit key
idea-ctr ;OPTIONAL IDEA in SDCTR mode
cast128-ctr ;OPTIONAL CAST-128 in SDCTR mode,
; with 128-bit key
))
;; The following table identifies the initial assignments of the MAC
;; Algorithm Names.
(define ssh-mac-algorithm-names '(
;; MAC Algorithm Name Reference
;; ------------------ ---------
hmac-sha1 ;[SSH-TRANS, Section 6.4]
hmac-sha1-96 ;[SSH-TRANS, Section 6.4]
hmac-md5 ;[SSH-TRANS, Section 6.4]
hmac-md5-96 ;[SSH-TRANS, Section 6.4]
none ;[SSH-TRANS, Section 6.4]
))
;; The following table identifies the initial assignments of the Public
;; Key Algorithm names.
(define ssh-public-key-algorithm-names '(
;; Public Key Algorithm Name Reference
;; ------------------------- ---------
ssh-dss ;[SSH-TRANS, Section 6.6]
ssh-rsa ;[SSH-TRANS, Section 6.6]
pgp-sign-rsa ;[SSH-TRANS, Section 6.6]
pgp-sign-dss ;[SSH-TRANS, Section 6.6]
))
;; The following table identifies the initial assignments of the
;; Compression Algorithm names.
(define ssh-compression-algorithm-names '(
;; Compression Algorithm Name Reference
;; -------------------------- ---------
none ;[SSH-TRANS, Section 6.2]
zlib ;[SSH-TRANS, Section 6.2]
))