From 0b60d73f64208c7086f46a92ffc0eec7b55856e1 Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones
Date: Wed, 10 Aug 2011 11:02:22 -0400
Subject: [PATCH] Numbers from RFCs 4250 and 4344
---
 mapping.rkt | 35 +++++
 ssh-numbers.rkt | 360 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 395 insertions(+)
 create mode 100644 mapping.rkt
 create mode 100644 ssh-numbers.rkt
diff --git a/mapping.rkt b/mapping.rkt
new file mode 100644
index 0000000..9189f16
--- /dev/null
+++ b/mapping.rkt
@@ -0,0 +1,35 @@
+#lang racket/base
+
+(provide define-mapping)
+
+(define-syntax check-defaults
+ (syntax-rules ()
+ ((_ fn bn fd bd #:forward-default new-fd rest ...)
+ (check-defaults fn bn new-fd bd rest ...))
+ ((_ fn bn fd bd #:backward-default new-bd rest ...)
+ (check-defaults fn bn fd new-bd rest ...))
+ ((_ fn bn fd bd (lhs rhs) ...)
+ (begin
+ (define (fn l)
+ (case l
+ ((lhs) 'rhs) ...
+ (else (fd l))))
+ (define (bn r)
+ (case r
+ ((rhs) 'lhs) ...
+ (else (bd r))))))))
+
+(define (die-with-mapping-name n)
+ (lambda (v)
+ (raise (exn:fail:contract
+ (format "~v: Mapping not found for ~v" n v)
+ (current-continuation-marks)))))
+
+(define-syntax define-mapping
+ (syntax-rules ()
+ ((_ forward-name backward-name rest ...)
+ (check-defaults forward-name
+ backward-name
+ (die-with-mapping-name 'forward-name)
+ (die-with-mapping-name 'backward-name)
+ rest ...))))
diff --git a/ssh-numbers.rkt b/ssh-numbers.rkt
new file mode 100644
index 0000000..1e61923
--- /dev/null
+++ b/ssh-numbers.rkt
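Review bot: The quoting in `check-defaults` (`((lhs) 'rhs) ...` and `((rhs) 'lhs) ...`) means every pair given to `define-mapping` must be literal data that works as a `case` key — numbers or bare symbols, not expressions — and nothing in mapping.rkt says so; a header comment above `define-mapping` would spare the next user a confusing "bad syntax" report. Something like `;; (define-mapping fwd bwd [#:forward-default f] [#:backward-default g] (lhs rhs) ...) defines (fwd lhs) => 'rhs and (bwd rhs) => 'lhs via case; any value not in the table goes to the corresponding default, which raises exn:fail:contract naming the mapping unless overridden.` It is also worth noting there that the `#:forward-default` / `#:backward-default` keywords are only recognised before the first `(lhs rhs)` pair; as far as I can tell a keyword placed after a pair matches no clause of `check-defaults`, so the resulting error would name that helper rather than `define-mapping`.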
@@ -0,0 +1,360 @@
+#lang racket/base
+
+(require "mapping.rkt")
+
+;; Assigned numbers, from RFCs 4250 and 4344.
+
+;; Protocol packets have message numbers in the range 1 to 255. These
+;; numbers are allocated as follows:
+;;
+;; Transport layer protocol:
+;;
+;; 1 to 19 Transport layer generic (e.g., disconnect, ignore,
+;; debug, etc.)
+;; 20 to 29 Algorithm negotiation
+;; 30 to 49 Key exchange method specific (numbers can be reused
+;; for different authentication methods)
+;;
+;; User authentication protocol:
+;;
+;; 50 to 59 User authentication generic
+;; 60 to 79 User authentication method specific (numbers can be
+;; reused for different authentication methods)
+;;
+;; Connection protocol:
+;;
+;; 80 to 89 Connection protocol generic
+;; 90 to 127 Channel related messages
+;;
+;; Reserved for client protocols:
+;;
+;; 128 to 191 Reserved
+;;
+;; Local extensions:
+;;
+;; 192 to 255 Local extensions
+
+(provide (all-defined-out)) ;; I know, I know
+
+;;; SSH message type IDs.
+;;
+;; Message ID Value Reference
+;; ----------- ----- ---------
+(define SSH_MSG_DISCONNECT 1) ;[SSH-TRANS]
+(define SSH_MSG_IGNORE 2) ;[SSH-TRANS]
+(define SSH_MSG_UNIMPLEMENTED 3) ;[SSH-TRANS]
+(define SSH_MSG_DEBUG 4) ;[SSH-TRANS]
+(define SSH_MSG_SERVICE_REQUEST 5) ;[SSH-TRANS]
+(define SSH_MSG_SERVICE_ACCEPT 6) ;[SSH-TRANS]
+(define SSH_MSG_KEXINIT 20) ;[SSH-TRANS]
+(define SSH_MSG_NEWKEYS 21) ;[SSH-TRANS]
+(define SSH_MSG_USERAUTH_REQUEST 50) ;[SSH-USERAUTH]
+(define SSH_MSG_USERAUTH_FAILURE 51) ;[SSH-USERAUTH]
+(define SSH_MSG_USERAUTH_SUCCESS 52) ;[SSH-USERAUTH]
+(define SSH_MSG_USERAUTH_BANNER 53) ;[SSH-USERAUTH]
+(define SSH_MSG_GLOBAL_REQUEST 80) ;[SSH-CONNECT]
+(define SSH_MSG_REQUEST_SUCCESS 81) ;[SSH-CONNECT]
+(define SSH_MSG_REQUEST_FAILURE 82) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_OPEN 90) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_OPEN_FAILURE 92) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_WINDOW_ADJUST 93) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_DATA 94) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_EXTENDED_DATA 95) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_EOF 96) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_CLOSE 97) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_REQUEST 98) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_SUCCESS 99) ;[SSH-CONNECT]
+(define SSH_MSG_CHANNEL_FAILURE 100) ;[SSH-CONNECT]
+
+;; The following table identifies the initial assignments of the
+;; SSH_MSG_DISCONNECT 'description' and 'reason code' values.
+;;
+;; Symbolic Name reason code
+;; ------------- -----------
+(define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1)
+(define SSH_DISCONNECT_PROTOCOL_ERROR 2)
+(define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3)
+(define SSH_DISCONNECT_RESERVED 4)
+(define SSH_DISCONNECT_MAC_ERROR 5)
+(define SSH_DISCONNECT_COMPRESSION_ERROR 6)
+(define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7)
+(define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8)
+(define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9)
+(define SSH_DISCONNECT_CONNECTION_LOST 10)
+(define SSH_DISCONNECT_BY_APPLICATION 11)
+(define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12)
+(define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13)
+(define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14)
+(define SSH_DISCONNECT_ILLEGAL_USER_NAME 15)
+
+;; The initial assignments for the 'reason code' values and
+;; 'description' values are given in the table below. Note that the
+;; values for the 'reason code' are given in decimal format for
+;; readability, but they are actually uint32 values.
+;;
+;; Symbolic Name reason code
+;; ------------- -----------
+(define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1)
+(define SSH_OPEN_CONNECT_FAILED 2)
+(define SSH_OPEN_UNKNOWN_CHANNEL_TYPE 3)
+(define SSH_OPEN_RESOURCE_SHORTAGE 4)
+
+;; The initial assignments for the 'data_type_code' values and 'data'
+;; values are given in the table below. Note that the value for the
+;; 'data_type_code' is given in decimal format for readability, but the
+;; values are actually uint32 values.
+;;
+;; Symbolic name data_type_code
+;; ------------- --------------
+(define SSH_EXTENDED_DATA_STDERR 1)
+
+;; The following table identifies the initial assignments of the opcode
+;; values that are used in the 'encoded terminal modes' value.
+
+(define-mapping integer->terminal-mode-opcode terminal-mode-opcode->integer
+ #:forward-default values
+ #:backward-default values
+;; opcode mnemonic description
+;; ------ -------- -----------
+ (0 TTY_OP_END);Indicates end of options.
+ (1 VINTR) ;Interrupt character; 255 if none. Similarly
+ ; for the other characters. Not all of these
+ ; characters are supported on all systems.
+ (2 VQUIT) ;The quit character (sends SIGQUIT signal on
+ ; POSIX systems).
+ (3 VERASE) ;Erase the character to left of the cursor.
+ (4 VKILL) ;Kill the current input line.
+ (5 VEOF) ;End-of-file character (sends EOF from the
+ ; terminal).
+ (6 VEOL) ;End-of-line character in addition to
+ ; carriage return and/or linefeed.
+ (7 VEOL2) ;Additional end-of-line character.
+ (8 VSTART) ;Continues paused output (normally
+ ; control-Q).
+ (9 VSTOP) ;Pauses output (normally control-S).
+ (10 VSUSP) ;Suspends the current program.
+ (11 VDSUSP) ;Another suspend character.
+ (12 VREPRINT) ;Reprints the current input line.
+ (13 VWERASE) ;Erases a word left of cursor.
+ (14 VLNEXT) ;Enter the next character typed literally,
+ ; even if it is a special character
+ (15 VFLUSH) ;Character to flush output.
+ (16 VSWTCH) ;Switch to a different shell layer.
+ (17 VSTATUS) ;Prints system status line (load, command,
+ ; pid, etc).
+ (18 VDISCARD) ;Toggles the flushing of terminal output.
+ (30 IGNPAR) ;The ignore parity flag. The parameter
+ ; SHOULD be 0 if this flag is FALSE,
+ ; and 1 if it is TRUE.
+ (31 PARMRK) ;Mark parity and framing errors.
+ (32 INPCK) ;Enable checking of parity errors.
+ (33 ISTRIP) ;Strip 8th bit off characters.
+ (34 INLCR) ;Map NL into CR on input.
+ (35 IGNCR) ;Ignore CR on input.
+ (36 ICRNL) ;Map CR to NL on input.
+ (37 IUCLC) ;Translate uppercase characters to
+ ; lowercase.
+ (38 IXON) ;Enable output flow control.
+ (39 IXANY) ;Any char will restart after stop.
+ (40 IXOFF) ;Enable input flow control.
+ (41 IMAXBEL) ;Ring bell on input queue full.
+ (50 ISIG) ;Enable signals INTR, QUIT, [D]SUSP.
+ (51 ICANON) ;Canonicalize input lines.
+ (52 XCASE) ;Enable input and output of uppercase
+ ; characters by preceding their lowercase
+ ; equivalents with "\".
+ (53 ECHO) ;Enable echoing.
+ (54 ECHOE) ;Visually erase chars.
+ (55 ECHOK) ;Kill character discards current line.
+ (56 ECHONL) ;Echo NL even if ECHO is off.
+ (57 NOFLSH) ;Don't flush after interrupt.
+ (58 TOSTOP) ;Stop background jobs from output.
+ (59 IEXTEN) ;Enable extensions.
+ (60 ECHOCTL) ;Echo control characters as ^(Char).
+ (61 ECHOKE) ;Visual erase for line kill.
+ (62 PENDIN) ;Retype pending input.
+ (70 OPOST) ;Enable output processing.
+ (71 OLCUC) ;Convert lowercase to uppercase.
+ (72 ONLCR) ;Map NL to CR-NL.
+ (73 OCRNL) ;Translate carriage return to newline
+ ; (output).
+ (74 ONOCR) ;Translate newline to carriage
+ ; return-newline (output).
+ (75 ONLRET) ;Newline performs a carriage return
+ ; (output).
+ (90 CS7) ;7 bit mode.
+ (91 CS8) ;8 bit mode.
+ (92 PARENB) ;Parity enable.
+ (93 PARODD) ;Odd parity, else even.
+
+ (128 TTY_OP_ISPEED);Specifies the input baud rate in
+ ; bits per second.
+ (129 TTY_OP_OSPEED);Specifies the output baud rate in
+ ; bits per second.
+ )
+
+;; The 'service name' is used to describe a protocol layer. The
+;; following table lists the initial assignments of the 'service name'
+;; values.
+(define ssh-service-names '(
+;; Service Name Reference
+;; ------------- ---------
+ ssh-userauth ;[SSH-USERAUTH]
+ ssh-connection ;[SSH-CONNECT]
+ ))
+
+;; The Authentication Method Name is used to describe an authentication
+;; method for the "ssh-userauth" service [SSH-USERAUTH]. The following
+;; table identifies the initial assignments of the Authentication Method
+;; Names.
+(define ssh-authentication-method-names '(
+;; Method Name Reference
+;; ------------ ---------
+ publickey ;[SSH-USERAUTH, Section 7]
+ password ;[SSH-USERAUTH, Section 8]
+ hostbased ;[SSH-USERAUTH, Section 9]
+ none ;[SSH-USERAUTH, Section 5.2]
+ ))
+
+;; The following table lists the initial assignments of the Connection
+;; Protocol Channel Types.
+(define ssh-channel-type-names '(
+;; Channel type Reference
+;; ------------ ---------
+ session ;[SSH-CONNECT, Section 6.1]
+ x11 ;[SSH-CONNECT, Section 6.3.2]
+ forwarded-tcpip ;[SSH-CONNECT, Section 7.2]
+ direct-tcpip ;[SSH-CONNECT, Section 7.2]
+ ))
+
+;; The following table lists the initial assignments of the Connection
+;; Protocol Global Request Names.
+(define ssh-global-request-names '(
+;; Request type Reference
+;; ------------ ---------
+ tcpip-forward ;[SSH-CONNECT, Section 7.1]
+ cancel-tcpip-forward ;[SSH-CONNECT, Section 7.1]
+ ))
+
+;; The following table lists the initial assignments of the Connection
+;; Protocol Channel Request Names.
+(define ssh-channel-request-names '(
+;; Request type Reference
+;; ------------ ---------
+ pty-req ;[SSH-CONNECT, Section 6.2]
+ x11-req ;[SSH-CONNECT, Section 6.3.1]
+ env ;[SSH-CONNECT, Section 6.4]
+ shell ;[SSH-CONNECT, Section 6.5]
+ exec ;[SSH-CONNECT, Section 6.5]
+ subsystem ;[SSH-CONNECT, Section 6.5]
+ window-change ;[SSH-CONNECT, Section 6.7]
+ xon-xoff ;[SSH-CONNECT, Section 6.8]
+ signal ;[SSH-CONNECT, Section 6.9]
+ exit-status ;[SSH-CONNECT, Section 6.10]
+ exit-signal ;[SSH-CONNECT, Section 6.10]
+ ))
+
+;; The following table lists the initial assignments of the Signal
+;; Names.
+(define ssh-signal-names '(
+;; Signal Reference
+;; ------ ---------
+ ABRT ;[SSH-CONNECT]
+ ALRM ;[SSH-CONNECT]
+ FPE ;[SSH-CONNECT]
+ HUP ;[SSH-CONNECT]
+ ILL ;[SSH-CONNECT]
+ INT ;[SSH-CONNECT]
+ KILL ;[SSH-CONNECT]
+ PIPE ;[SSH-CONNECT]
+ QUIT ;[SSH-CONNECT]
+ SEGV ;[SSH-CONNECT]
+ TERM ;[SSH-CONNECT]
+ USR1 ;[SSH-CONNECT]
+ USR2 ;[SSH-CONNECT]
+ ))
+
+;; The following table identifies the initial assignments of the key
+;; exchange methods.
+(define ssh-key-exchange-method-names '(
+;; Method name Reference
+;; ------------ ---------
+ diffie-hellman-group1-sha1 ;[SSH-TRANS, Section 8.1]
+ diffie-hellman-group14-sha1 ;[SSH-TRANS, Section 8.2]
+ ))
+
+;; The following table identifies the initial assignment of the
+;; Encryption Algorithm Names.
+(define ssh-encryption-algorithm-names '(
+;; Encryption Algorithm Name Reference
+;; ------------------------- ---------
+ 3des-cbc ;[SSH-TRANS, Section 6.3]
+ blowfish-cbc ;[SSH-TRANS, Section 6.3]
+ twofish256-cbc ;[SSH-TRANS, Section 6.3]
+ twofish-cbc ;[SSH-TRANS, Section 6.3]
+ twofish192-cbc ;[SSH-TRANS, Section 6.3]
+ twofish128-cbc ;[SSH-TRANS, Section 6.3]
+ aes256-cbc ;[SSH-TRANS, Section 6.3]
+ aes192-cbc ;[SSH-TRANS, Section 6.3]
+ aes128-cbc ;[SSH-TRANS, Section 6.3]
+ serpent256-cbc ;[SSH-TRANS, Section 6.3]
+ serpent192-cbc ;[SSH-TRANS, Section 6.3]
+ serpent128-cbc ;[SSH-TRANS, Section 6.3]
+ arcfour ;[SSH-TRANS, Section 6.3]
+ idea-cbc ;[SSH-TRANS, Section 6.3]
+ cast128-cbc ;[SSH-TRANS, Section 6.3]
+ none ;[SSH-TRANS, Section 6.3]
+ des-cbc ;[FIPS-46-3] HISTORIC; See
+ ; page 4 of [FIPS-46-3]
+;; (From RFC 4344):
+ aes128-ctr ;RECOMMENDED AES (Rijndael) in SDCTR mode,
+ ; with 128-bit key
+ aes192-ctr ;RECOMMENDED AES with 192-bit key
+ aes256-ctr ;RECOMMENDED AES with 256-bit key
+ 3des-ctr ;RECOMMENDED Three-key 3DES in SDCTR mode
+ blowfish-ctr ;OPTIONAL Blowfish in SDCTR mode
+ twofish128-ctr ;OPTIONAL Twofish in SDCTR mode,
+ ; with 128-bit key
+ twofish192-ctr ;OPTIONAL Twofish with 192-bit key
+ twofish256-ctr ;OPTIONAL Twofish with 256-bit key
+ serpent128-ctr ;OPTIONAL Serpent in SDCTR mode, with
+ ; 128-bit key
+ serpent192-ctr ;OPTIONAL Serpent with 192-bit key
+ serpent256-ctr ;OPTIONAL Serpent with 256-bit key
+ idea-ctr ;OPTIONAL IDEA in SDCTR mode
+ cast128-ctr ;OPTIONAL CAST-128 in SDCTR mode,
+ ; with 128-bit key
+ ))
+
+;; The following table identifies the initial assignments of the MAC
+;; Algorithm Names.
+(define ssh-mac-algorithm-names '(
+;; MAC Algorithm Name Reference
+;; ------------------ ---------
+ hmac-sha1 ;[SSH-TRANS, Section 6.4]
+ hmac-sha1-96 ;[SSH-TRANS, Section 6.4]
+ hmac-md5 ;[SSH-TRANS, Section 6.4]
+ hmac-md5-96 ;[SSH-TRANS, Section 6.4]
+ none ;[SSH-TRANS, Section 6.4]
+ ))
+
+;; The following table identifies the initial assignments of the Public
+;; Key Algorithm names.
+(define ssh-public-key-algorithm-names '(
+;; Public Key Algorithm Name Reference
+;; ------------------------- ---------
+ ssh-dss ;[SSH-TRANS, Section 6.6]
+ ssh-rsa ;[SSH-TRANS, Section 6.6]
+ pgp-sign-rsa ;[SSH-TRANS, Section 6.6]
+ pgp-sign-dss ;[SSH-TRANS, Section 6.6]
+ ))
+
+;; The following table identifies the initial assignments of the
+;; Compression Algorithm names.
+(define ssh-compression-algorithm-names '(
+;; Compression Algorithm Name Reference
+;; -------------------------- ---------
+ none ;[SSH-TRANS, Section 6.2]
+ zlib ;[SSH-TRANS, Section 6.2]
+ ))
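Review bot: `integer->terminal-mode-opcode` is declared with `#:forward-default values`, so an opcode absent from the table (19-29, 42-49, 63-69, 76-89, 94-127, and 130 upwards) comes back as the bare integer, which a caller cannot distinguish from a successful lookup without a second check of its own. Since 'encoded terminal modes' are supplied by the peer in a pty-req, any decoder built on this mapping needs an explicit policy for unrecognised opcodes; as I recall the text, [SSH-CONNECT] (RFC 4254, Section 8) says opcodes 160 to 255 are undefined and cause parsing to stop, so silently passing them through would be the wrong default for a parser. The pass-through looks deliberate for round-tripping, so I would only ask for a comment above the `define-mapping` form, e.g. `;; Unknown opcodes pass through unchanged in both directions; code decoding peer-supplied terminal modes must treat an integer result as "unrecognised" and apply its own policy (per [SSH-CONNECT] Section 8, opcodes 160-255 end parsing).`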