#lang racket/base
(require "mapping.rkt")
(provide (all-defined-out)) ;; I know, I know
;; Assigned numbers, from RFCs 4250 and 4344.

;; Protocol packets have message numbers in the range 1 to 255. These
;; numbers are allocated as follows:
;;
;; Transport layer protocol:
;;
;;   1 to 19     Transport layer generic (e.g., disconnect, ignore,
;;               debug, etc.)
;;   20 to 29    Algorithm negotiation
;;   30 to 49    Key exchange method specific (numbers can be reused
;;               for different authentication methods)
;;
;; User authentication protocol:
;;
;;   50 to 59    User authentication generic
;;   60 to 79    User authentication method specific (numbers can be
;;               reused for different authentication methods)
;;
;; Connection protocol:
;;
;;   80 to 89    Connection protocol generic
;;   90 to 127   Channel related messages
;;
;; Reserved for client protocols:
;;
;;   128 to 191  Reserved
;;
;; Local extensions:
;;
;;   192 to 255  Local extensions
;; True when MSG-TYPE is a transport layer message number (1 to 49
;; inclusive: generic, algorithm negotiation and key exchange together).
;; This is a range test only; it says nothing about whether the message
;; is acceptable in the connection's current protocol state.
(define (ssh-msg-type-transport-layer? msg-type)
  (<= 1 msg-type 49))
;; True when MSG-TYPE is a generic transport layer message (1 to 19
;; inclusive, e.g. disconnect, ignore, debug).
(define (ssh-msg-type-transport-layer-generic? msg-type)
  (<= 1 msg-type 19))
;; True when MSG-TYPE is an algorithm negotiation message (20 to 29
;; inclusive).
(define (ssh-msg-type-transport-layer-algorithm-negotiation? msg-type)
  (<= 20 msg-type 29))
;; True when MSG-TYPE is in the key exchange method specific range (30 to
;; 49 inclusive). Numbers in this range have a meaning that depends on the
;; negotiated key exchange method.
(define (ssh-msg-type-transport-layer-key-exchange? msg-type)
  (<= 30 msg-type 49))
;; True when MSG-TYPE belongs to the user authentication protocol (50 to
;; 79 inclusive: generic and method specific together).
(define (ssh-msg-type-authentication? msg-type)
  (<= 50 msg-type 79))
;; True when MSG-TYPE is a generic user authentication message (50 to 59
;; inclusive).
(define (ssh-msg-type-authentication-generic? msg-type)
  (<= 50 msg-type 59))
;; True when MSG-TYPE is in the authentication method specific range (60
;; to 79 inclusive). Numbers here are reused across authentication
;; methods, so the number alone does not identify the message.
(define (ssh-msg-type-authentication-specific? msg-type)
  (<= 60 msg-type 79))
;; True when MSG-TYPE belongs to the connection protocol (80 to 127
;; inclusive: generic and channel related together).
(define (ssh-msg-type-connection? msg-type)
  (<= 80 msg-type 127))
;; True when MSG-TYPE is a generic connection protocol message (80 to 89
;; inclusive).
(define (ssh-msg-type-connection-generic? msg-type)
  (<= 80 msg-type 89))
;; True when MSG-TYPE is a channel related message (90 to 127 inclusive).
(define (ssh-msg-type-connection-channel? msg-type)
  (<= 90 msg-type 127))
;; True when MSG-TYPE is in the range reserved for client protocols (128
;; to 191 inclusive).
(define (ssh-msg-type-client? msg-type)
  (<= 128 msg-type 191))
;; True when MSG-TYPE is in the local extensions range (192 to 255
;; inclusive), the top of the 1-255 message number space.
(define (ssh-msg-type-local? msg-type)
  (<= 192 msg-type 255))
;;; SSH message type IDs.
;;
;;   Message ID                          Value  Reference
;;   -----------                         -----  ---------
;; Message numbers shared by every implementation. The values and the
;; [SSH-TRANS] / [SSH-USERAUTH] / [SSH-CONNECT] references follow the RFC
;; 4250 registry. The KEXDH pair sits in the key exchange method specific
;; range (30 to 49), so its meaning depends on the negotiated method.

;; Transport layer, generic (1 to 19)
(define SSH_MSG_DISCONNECT                1) ;[SSH-TRANS]
(define SSH_MSG_IGNORE                    2) ;[SSH-TRANS]
(define SSH_MSG_UNIMPLEMENTED             3) ;[SSH-TRANS]
(define SSH_MSG_DEBUG                     4) ;[SSH-TRANS]
(define SSH_MSG_SERVICE_REQUEST           5) ;[SSH-TRANS]
(define SSH_MSG_SERVICE_ACCEPT            6) ;[SSH-TRANS]
;; Transport layer, algorithm negotiation (20 to 29)
(define SSH_MSG_KEXINIT                  20) ;[SSH-TRANS]
(define SSH_MSG_NEWKEYS                  21) ;[SSH-TRANS]
;; Transport layer, key exchange method specific (30 to 49)
(define SSH_MSG_KEXDH_INIT               30) ;RFC 4253 errata
(define SSH_MSG_KEXDH_REPLY              31) ;RFC 4253 errata
;; User authentication, generic (50 to 59)
(define SSH_MSG_USERAUTH_REQUEST         50) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_FAILURE         51) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_SUCCESS         52) ;[SSH-USERAUTH]
(define SSH_MSG_USERAUTH_BANNER          53) ;[SSH-USERAUTH]
;; Connection protocol, generic (80 to 89)
(define SSH_MSG_GLOBAL_REQUEST           80) ;[SSH-CONNECT]
(define SSH_MSG_REQUEST_SUCCESS          81) ;[SSH-CONNECT]
(define SSH_MSG_REQUEST_FAILURE          82) ;[SSH-CONNECT]
;; Connection protocol, channel related (90 to 127)
(define SSH_MSG_CHANNEL_OPEN             90) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_OPEN_FAILURE     92) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_WINDOW_ADJUST    93) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_DATA             94) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_EXTENDED_DATA    95) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_EOF              96) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_CLOSE            97) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_REQUEST          98) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_SUCCESS          99) ;[SSH-CONNECT]
(define SSH_MSG_CHANNEL_FAILURE         100) ;[SSH-CONNECT]
;; The following table identifies the initial assignments of the
;; SSH_MSG_DISCONNECT 'description' and 'reason code' values.
;;
;;   Symbolic Name                                  reason code
;;   -------------                                  -----------
;; Reason codes carried in SSH_MSG_DISCONNECT. Code 4 is reserved in the
;; registry; the others name the condition that ended the connection.
(define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT      1)
(define SSH_DISCONNECT_PROTOCOL_ERROR                   2)
(define SSH_DISCONNECT_KEY_EXCHANGE_FAILED              3)
(define SSH_DISCONNECT_RESERVED                         4)
(define SSH_DISCONNECT_MAC_ERROR                        5)
(define SSH_DISCONNECT_COMPRESSION_ERROR                6)
(define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE            7)
(define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED   8)
(define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE          9)
(define SSH_DISCONNECT_CONNECTION_LOST                 10)
(define SSH_DISCONNECT_BY_APPLICATION                  11)
(define SSH_DISCONNECT_TOO_MANY_CONNECTIONS            12)
(define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER          13)
(define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE  14)
(define SSH_DISCONNECT_ILLEGAL_USER_NAME               15)
;; The initial assignments for the 'reason code' values and
;; 'description' values are given in the table below. Note that the
;; values for the 'reason code' are given in decimal format for
;; readability, but they are actually uint32 values.
;;
;;   Symbolic Name                        reason code
;;   -------------                        -----------
;; Reason codes carried in SSH_MSG_CHANNEL_OPEN_FAILURE. On the wire these
;; are uint32 values; the decimal form here is for readability.
(define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED  1)
(define SSH_OPEN_CONNECT_FAILED               2)
(define SSH_OPEN_UNKNOWN_CHANNEL_TYPE         3)
(define SSH_OPEN_RESOURCE_SHORTAGE            4)
;; The initial assignments for the 'data_type_code' values and 'data'
;; values are given in the table below. Note that the value for the
;; 'data_type_code' is given in decimal format for readability, but the
;; values are actually uint32 values.
;;
;;   Symbolic name             data_type_code
;;   -------------             --------------
;; The only assigned 'data_type_code' for SSH_MSG_CHANNEL_EXTENDED_DATA;
;; a uint32 on the wire.
(define SSH_EXTENDED_DATA_STDERR 1)
;; The following table identifies the initial assignments of the opcode
;; values that are used in the 'encoded terminal modes' value.
;; Two-way table between a terminal mode opcode and its mnemonic symbol:
;;   integer->terminal-mode-opcode : opcode   -> mnemonic
;;   terminal-mode-opcode->integer : mnemonic -> opcode
;; Both directions default to `values`, which presumably hands back an
;; opcode or mnemonic that is not in the table unchanged rather than
;; raising -- confirm against define-mapping in mapping.rkt before relying
;; on a lookup miss being detectable. Only the assigned opcodes appear
;; here; the gaps between groups hold no assignment in this table.
(define-mapping integer->terminal-mode-opcode terminal-mode-opcode->integer
  #:forward-default values
  #:backward-default values
  ;; opcode  mnemonic       description
  ;; ------  --------       -----------
  (0 TTY_OP_END)       ;Indicates end of options.
  (1 VINTR)            ;Interrupt character; 255 if none. Similarly
                       ; for the other characters. Not all of these
                       ; characters are supported on all systems.
  (2 VQUIT)            ;The quit character (sends SIGQUIT signal on
                       ; POSIX systems).
  (3 VERASE)           ;Erase the character to left of the cursor.
  (4 VKILL)            ;Kill the current input line.
  (5 VEOF)             ;End-of-file character (sends EOF from the
                       ; terminal).
  (6 VEOL)             ;End-of-line character in addition to
                       ; carriage return and/or linefeed.
  (7 VEOL2)            ;Additional end-of-line character.
  (8 VSTART)           ;Continues paused output (normally
                       ; control-Q).
  (9 VSTOP)            ;Pauses output (normally control-S).
  (10 VSUSP)           ;Suspends the current program.
  (11 VDSUSP)          ;Another suspend character.
  (12 VREPRINT)        ;Reprints the current input line.
  (13 VWERASE)         ;Erases a word left of cursor.
  (14 VLNEXT)          ;Enter the next character typed literally,
                       ; even if it is a special character
  (15 VFLUSH)          ;Character to flush output.
  (16 VSWTCH)          ;Switch to a different shell layer.
  (17 VSTATUS)         ;Prints system status line (load, command,
                       ; pid, etc).
  (18 VDISCARD)        ;Toggles the flushing of terminal output.
  (30 IGNPAR)          ;The ignore parity flag. The parameter
                       ; SHOULD be 0 if this flag is FALSE,
                       ; and 1 if it is TRUE.
  (31 PARMRK)          ;Mark parity and framing errors.
  (32 INPCK)           ;Enable checking of parity errors.
  (33 ISTRIP)          ;Strip 8th bit off characters.
  (34 INLCR)           ;Map NL into CR on input.
  (35 IGNCR)           ;Ignore CR on input.
  (36 ICRNL)           ;Map CR to NL on input.
  (37 IUCLC)           ;Translate uppercase characters to
                       ; lowercase.
  (38 IXON)            ;Enable output flow control.
  (39 IXANY)           ;Any char will restart after stop.
  (40 IXOFF)           ;Enable input flow control.
  (41 IMAXBEL)         ;Ring bell on input queue full.
  (50 ISIG)            ;Enable signals INTR, QUIT, [D]SUSP.
  (51 ICANON)          ;Canonicalize input lines.
  (52 XCASE)           ;Enable input and output of uppercase
                       ; characters by preceding their lowercase
                       ; equivalents with "\".
  (53 ECHO)            ;Enable echoing.
  (54 ECHOE)           ;Visually erase chars.
  (55 ECHOK)           ;Kill character discards current line.
  (56 ECHONL)          ;Echo NL even if ECHO is off.
  (57 NOFLSH)          ;Don't flush after interrupt.
  (58 TOSTOP)          ;Stop background jobs from output.
  (59 IEXTEN)          ;Enable extensions.
  (60 ECHOCTL)         ;Echo control characters as ^(Char).
  (61 ECHOKE)          ;Visual erase for line kill.
  (62 PENDIN)          ;Retype pending input.
  (70 OPOST)           ;Enable output processing.
  (71 OLCUC)           ;Convert lowercase to uppercase.
  (72 ONLCR)           ;Map NL to CR-NL.
  (73 OCRNL)           ;Translate carriage return to newline
                       ; (output).
  (74 ONOCR)           ;Translate newline to carriage
                       ; return-newline (output).
  (75 ONLRET)          ;Newline performs a carriage return
                       ; (output).
  (90 CS7)             ;7 bit mode.
  (91 CS8)             ;8 bit mode.
  (92 PARENB)          ;Parity enable.
  (93 PARODD)          ;Odd parity, else even.

  (128 TTY_OP_ISPEED)  ;Specifies the input baud rate in
                       ; bits per second.
  (129 TTY_OP_OSPEED)  ;Specifies the output baud rate in
                       ; bits per second.
  )
;; The 'service name' is used to describe a protocol layer. The
;; following table lists the initial assignments of the 'service name'
;; values.
;; Registered service names, as symbols, in registry order.
;;   Service Name     Reference
;;   -------------    ---------
(define ssh-service-names
  (list 'ssh-userauth    ;[SSH-USERAUTH]
        'ssh-connection  ;[SSH-CONNECT]
        ))
;; The Authentication Method Name is used to describe an authentication
;; method for the "ssh-userauth" service [SSH-USERAUTH]. The following
;; table identifies the initial assignments of the Authentication Method
;; Names.
;; Registered authentication method names, as symbols, in registry order.
;; `none` is the method a client uses to learn which methods the server
;; will accept; it is part of the registry, not a grant of access.
;;   Method Name    Reference
;;   ------------   ---------
(define ssh-authentication-method-names
  (list 'publickey  ;[SSH-USERAUTH, Section 7]
        'password   ;[SSH-USERAUTH, Section 8]
        'hostbased  ;[SSH-USERAUTH, Section 9]
        'none       ;[SSH-USERAUTH, Section 5.2]
        ))
;; The following table lists the initial assignments of the Connection
;; Protocol Channel Types.
;; Registered channel type names, as symbols, in registry order.
;;   Channel type     Reference
;;   ------------     ---------
(define ssh-channel-type-names
  (list 'session          ;[SSH-CONNECT, Section 6.1]
        'x11              ;[SSH-CONNECT, Section 6.3.2]
        'forwarded-tcpip  ;[SSH-CONNECT, Section 7.2]
        'direct-tcpip     ;[SSH-CONNECT, Section 7.2]
        ))
;; The following table lists the initial assignments of the Connection
;; Protocol Global Request Names.
;; Registered global request names, as symbols, in registry order.
;;   Request type          Reference
;;   ------------          ---------
(define ssh-global-request-names
  (list 'tcpip-forward         ;[SSH-CONNECT, Section 7.1]
        'cancel-tcpip-forward  ;[SSH-CONNECT, Section 7.1]
        ))
;; The following table lists the initial assignments of the Connection
;; Protocol Channel Request Names.
;; Registered channel request names, as symbols, in registry order.
;;   Request type     Reference
;;   ------------     ---------
(define ssh-channel-request-names
  (list 'pty-req        ;[SSH-CONNECT, Section 6.2]
        'x11-req        ;[SSH-CONNECT, Section 6.3.1]
        'env            ;[SSH-CONNECT, Section 6.4]
        'shell          ;[SSH-CONNECT, Section 6.5]
        'exec           ;[SSH-CONNECT, Section 6.5]
        'subsystem      ;[SSH-CONNECT, Section 6.5]
        'window-change  ;[SSH-CONNECT, Section 6.7]
        'xon-xoff       ;[SSH-CONNECT, Section 6.8]
        'signal         ;[SSH-CONNECT, Section 6.9]
        'exit-status    ;[SSH-CONNECT, Section 6.10]
        'exit-signal    ;[SSH-CONNECT, Section 6.10]
        ))
;; The following table lists the initial assignments of the Signal
;; Names.
;; Registered signal names (without the "SIG" prefix), as symbols, in
;; registry order.
;;   Signal   Reference
;;   ------   ---------
(define ssh-signal-names
  (list 'ABRT  ;[SSH-CONNECT]
        'ALRM  ;[SSH-CONNECT]
        'FPE   ;[SSH-CONNECT]
        'HUP   ;[SSH-CONNECT]
        'ILL   ;[SSH-CONNECT]
        'INT   ;[SSH-CONNECT]
        'KILL  ;[SSH-CONNECT]
        'PIPE  ;[SSH-CONNECT]
        'QUIT  ;[SSH-CONNECT]
        'SEGV  ;[SSH-CONNECT]
        'TERM  ;[SSH-CONNECT]
        'USR1  ;[SSH-CONNECT]
        'USR2  ;[SSH-CONNECT]
        ))
;; The following table identifies the initial assignments of the key
;; exchange methods.
;; Registered key exchange method names, as symbols, in registry order.
;; This is the registry as given by [SSH-TRANS]; which of these an
;; implementation offers or accepts is a separate policy decision.
;;   Method name                    Reference
;;   ------------                   ---------
(define ssh-key-exchange-method-names
  (list 'diffie-hellman-group1-sha1   ;[SSH-TRANS, Section 8.1]
        'diffie-hellman-group14-sha1  ;[SSH-TRANS, Section 8.2]
        ))
;; The following table identifies the initial assignments of the
;; Encryption Algorithm Names.
;; Registered encryption algorithm names, as symbols: the [SSH-TRANS]
;; table first, then the SDCTR-mode names added by RFC 4344, in registry
;; order. This is the set of names the protocol can carry, not an
;; allow-list: `none` and the HISTORIC `des-cbc` appear because the RFCs
;; list them, and the RECOMMENDED/OPTIONAL labels are the RFC 4344 ones.
;;   Encryption Algorithm Name   Reference
;;   -------------------------   ---------
(define ssh-encryption-algorithm-names
  (list '3des-cbc        ;[SSH-TRANS, Section 6.3]
        'blowfish-cbc    ;[SSH-TRANS, Section 6.3]
        'twofish256-cbc  ;[SSH-TRANS, Section 6.3]
        'twofish-cbc     ;[SSH-TRANS, Section 6.3]
        'twofish192-cbc  ;[SSH-TRANS, Section 6.3]
        'twofish128-cbc  ;[SSH-TRANS, Section 6.3]
        'aes256-cbc      ;[SSH-TRANS, Section 6.3]
        'aes192-cbc      ;[SSH-TRANS, Section 6.3]
        'aes128-cbc      ;[SSH-TRANS, Section 6.3]
        'serpent256-cbc  ;[SSH-TRANS, Section 6.3]
        'serpent192-cbc  ;[SSH-TRANS, Section 6.3]
        'serpent128-cbc  ;[SSH-TRANS, Section 6.3]
        'arcfour         ;[SSH-TRANS, Section 6.3]
        'idea-cbc        ;[SSH-TRANS, Section 6.3]
        'cast128-cbc     ;[SSH-TRANS, Section 6.3]
        'none            ;[SSH-TRANS, Section 6.3]
        'des-cbc         ;[FIPS-46-3] HISTORIC; See
                         ; page 4 of [FIPS-46-3]
        ;; (From RFC 4344):
        'aes128-ctr      ;RECOMMENDED AES (Rijndael) in SDCTR mode,
                         ; with 128-bit key
        'aes192-ctr      ;RECOMMENDED AES with 192-bit key
        'aes256-ctr      ;RECOMMENDED AES with 256-bit key
        '3des-ctr        ;RECOMMENDED Three-key 3DES in SDCTR mode
        'blowfish-ctr    ;OPTIONAL Blowfish in SDCTR mode
        'twofish128-ctr  ;OPTIONAL Twofish in SDCTR mode,
                         ; with 128-bit key
        'twofish192-ctr  ;OPTIONAL Twofish with 192-bit key
        'twofish256-ctr  ;OPTIONAL Twofish with 256-bit key
        'serpent128-ctr  ;OPTIONAL Serpent in SDCTR mode, with
                         ; 128-bit key
        'serpent192-ctr  ;OPTIONAL Serpent with 192-bit key
        'serpent256-ctr  ;OPTIONAL Serpent with 256-bit key
        'idea-ctr        ;OPTIONAL IDEA in SDCTR mode
        'cast128-ctr     ;OPTIONAL CAST-128 in SDCTR mode,
                         ; with 128-bit key
        ))
;; The following table identifies the initial assignments of the MAC
;; Algorithm Names.
;; Registered MAC algorithm names, as symbols, in registry order. As with
;; the encryption names this reproduces the [SSH-TRANS] registry, `none`
;; included; it is not a statement of which MACs should be negotiated.
;;   MAC Algorithm Name   Reference
;;   ------------------   ---------
(define ssh-mac-algorithm-names
  (list 'hmac-sha1     ;[SSH-TRANS, Section 6.4]
        'hmac-sha1-96  ;[SSH-TRANS, Section 6.4]
        'hmac-md5      ;[SSH-TRANS, Section 6.4]
        'hmac-md5-96   ;[SSH-TRANS, Section 6.4]
        'none          ;[SSH-TRANS, Section 6.4]
        ))
;; The following table identifies the initial assignments of the Public
;; Key Algorithm names.
;; Registered public key algorithm names, as symbols, in registry order.
;;   Public Key Algorithm Name   Reference
;;   -------------------------   ---------
(define ssh-public-key-algorithm-names
  (list 'ssh-dss       ;[SSH-TRANS, Section 6.6]
        'ssh-rsa       ;[SSH-TRANS, Section 6.6]
        'pgp-sign-rsa  ;[SSH-TRANS, Section 6.6]
        'pgp-sign-dss  ;[SSH-TRANS, Section 6.6]
        ))
;; The following table identifies the initial assignments of the
;; Compression Algorithm names.
;; Registered compression algorithm names, as symbols, in registry order.
;;   Compression Algorithm Name   Reference
;;   --------------------------   ---------
(define ssh-compression-algorithm-names
  (list 'none  ;[SSH-TRANS, Section 6.2]
        'zlib  ;[SSH-TRANS, Section 6.2]
        ))