Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/ssh.h

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/ssh.h

Parent Directory Parent Directory | Revision Log Revision Log

Revision 4531 - (show annotations) (download) (as text)
Tue Jul 26 08:50:11 2011 UTC (12 years, 8 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/ssh.h
File MIME type: text/x-chdr
File size: 23356 byte(s) 
RFC 4255 "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" 対応の準備
http://tools.ietf.org/html/rfc4255

VerifyHostKeyDNS = 1 にすると、ホスト鍵の検証を行う。
検証するだけで検証結果は使ってないけれど。

DNSSEC 未対応の問題が有るので、その部分について検討中。
解決する目途が立っていないので、もしかするとお蔵入りするかも。

Windows95/98/Me/NT4 では動かないかも。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*
30 This code is copyright (C) 1998-1999 Robert O'Callahan.
31 See LICENSE.TXT for the license.
32 */
33
34 #ifndef __SSH_H
35 #define __SSH_H
36
37 #include "zlib.h"
38 #include <openssl/evp.h>
39
40 #include "buffer.h"
41 #include "config.h"
42
43 #define DEBUG_PRINT_TO_FILE(base, msg, len) { \
44 static int count = 0; \
45 debug_print(count + base, msg, len); \
46 count++; \
47 }
48
49 // from OpenSSH
50 extern const EVP_CIPHER *evp_aes_128_ctr(void);
51 extern const EVP_CIPHER *evp_des3_ctr(void);
52 extern const EVP_CIPHER *evp_bf_ctr(void);
53 extern const EVP_CIPHER *evp_cast5_ctr(void);
54 #ifdef WITH_CAMELLIA_DRAFT
55 extern const EVP_CIPHER *evp_camellia_128_ctr(void);
56 #endif // WITH_CAMELLIA_DRAFT
57
58 /* Some of this code has been adapted from Ian Goldberg's Pilot SSH */
59
60 typedef enum {
61 SSH_MSG_NONE, SSH_MSG_DISCONNECT, SSH_SMSG_PUBLIC_KEY, //2
62 SSH_CMSG_SESSION_KEY, SSH_CMSG_USER, SSH_CMSG_AUTH_RHOSTS, // 5
63 SSH_CMSG_AUTH_RSA, SSH_SMSG_AUTH_RSA_CHALLENGE,
64 SSH_CMSG_AUTH_RSA_RESPONSE, SSH_CMSG_AUTH_PASSWORD,
65 SSH_CMSG_REQUEST_PTY, // 10
66 SSH_CMSG_WINDOW_SIZE, SSH_CMSG_EXEC_SHELL,
67 SSH_CMSG_EXEC_CMD, SSH_SMSG_SUCCESS, SSH_SMSG_FAILURE,
68 SSH_CMSG_STDIN_DATA, SSH_SMSG_STDOUT_DATA, SSH_SMSG_STDERR_DATA,
69 SSH_CMSG_EOF, SSH_SMSG_EXITSTATUS,
70 SSH_MSG_CHANNEL_OPEN_CONFIRMATION, SSH_MSG_CHANNEL_OPEN_FAILURE,
71 SSH_MSG_CHANNEL_DATA, SSH_MSG_CHANNEL_INPUT_EOF,
72 SSH_MSG_CHANNEL_OUTPUT_CLOSED, SSH_MSG_OBSOLETED0,
73 SSH_SMSG_X11_OPEN, SSH_CMSG_PORT_FORWARD_REQUEST, SSH_MSG_PORT_OPEN,
74 SSH_CMSG_AGENT_REQUEST_FORWARDING, SSH_SMSG_AGENT_OPEN,
75 SSH_MSG_IGNORE, SSH_CMSG_EXIT_CONFIRMATION,
76 SSH_CMSG_X11_REQUEST_FORWARDING, SSH_CMSG_AUTH_RHOSTS_RSA,
77 SSH_MSG_DEBUG, SSH_CMSG_REQUEST_COMPRESSION,
78 SSH_CMSG_MAX_PACKET_SIZE, SSH_CMSG_AUTH_TIS,
79 SSH_SMSG_AUTH_TIS_CHALLENGE, SSH_CMSG_AUTH_TIS_RESPONSE,
80 SSH_CMSG_AUTH_KERBEROS, SSH_SMSG_AUTH_KERBEROS_RESPONSE
81 } SSHMessage;
82
83 typedef enum {
84 SSH_CIPHER_NONE, SSH_CIPHER_IDEA, SSH_CIPHER_DES, SSH_CIPHER_3DES,
85 SSH_CIPHER_TSS, SSH_CIPHER_RC4, SSH_CIPHER_BLOWFISH,
86 // for SSH2
87 SSH2_CIPHER_3DES_CBC, SSH2_CIPHER_AES128_CBC,
88 SSH2_CIPHER_AES192_CBC, SSH2_CIPHER_AES256_CBC,
89 SSH2_CIPHER_BLOWFISH_CBC, SSH2_CIPHER_AES128_CTR,
90 SSH2_CIPHER_AES192_CTR, SSH2_CIPHER_AES256_CTR,
91 SSH2_CIPHER_ARCFOUR, SSH2_CIPHER_ARCFOUR128, SSH2_CIPHER_ARCFOUR256,
92 SSH2_CIPHER_CAST128_CBC,
93 SSH2_CIPHER_3DES_CTR, SSH2_CIPHER_BLOWFISH_CTR, SSH2_CIPHER_CAST128_CTR,
94 #ifdef WITH_CAMELLIA_DRAFT
95 SSH2_CIPHER_CAMELLIA128_CBC, SSH2_CIPHER_CAMELLIA192_CBC, SSH2_CIPHER_CAMELLIA256_CBC,
96 SSH2_CIPHER_CAMELLIA128_CTR, SSH2_CIPHER_CAMELLIA192_CTR, SSH2_CIPHER_CAMELLIA256_CTR,
97 SSH_CIPHER_MAX = SSH2_CIPHER_CAMELLIA256_CTR,
98 #else // WITH_CAMELLIA_DRAFT
99 SSH_CIPHER_MAX = SSH2_CIPHER_CAST128_CTR,
100 #endif // WITH_CAMELLIA_DRAFT
101 } SSHCipher;
102
103 typedef enum {
104 SSH_AUTH_NONE, SSH_AUTH_RHOSTS, SSH_AUTH_RSA, SSH_AUTH_PASSWORD,
105 SSH_AUTH_RHOSTS_RSA, SSH_AUTH_TIS, SSH_AUTH_KERBEROS,
106 SSH_AUTH_PAGEANT = 16,
107 SSH_AUTH_MAX = SSH_AUTH_PAGEANT,
108 } SSHAuthMethod;
109
110 typedef enum {
111 SSH_GENERIC_AUTHENTICATION, SSH_TIS_AUTHENTICATION
112 } SSHAuthMode;
113
114 #define SSH_PROTOFLAG_SCREEN_NUMBER 1
115 #define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2
116
117 enum channel_type {
118 TYPE_SHELL, TYPE_PORTFWD, TYPE_SCP, TYPE_SFTP, TYPE_AGENT,
119 };
120
121 // for SSH1
122 #define SSH_MAX_SEND_PACKET_SIZE 250000
123
124 // for SSH2
125 /* default window/packet sizes for tcp/x11-fwd-channel */
126 // changed CHAN_SES_WINDOW_DEFAULT from 32KB to 128KB. (2007.10.29 maya)
127 #define CHAN_SES_PACKET_DEFAULT (32*1024)
128 #define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
129 #define CHAN_TCP_PACKET_DEFAULT (32*1024)
130 #define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
131 #if 0 // unused
132 #define CHAN_X11_PACKET_DEFAULT (16*1024)
133 #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
134 #endif
135
136
137 /* SSH2 constants */
138
139 /* SSH2 messages */
140 #define SSH2_MSG_DISCONNECT 1
141 #define SSH2_MSG_IGNORE 2
142 #define SSH2_MSG_UNIMPLEMENTED 3
143 #define SSH2_MSG_DEBUG 4
144 #define SSH2_MSG_SERVICE_REQUEST 5
145 #define SSH2_MSG_SERVICE_ACCEPT 6
146
147 #define SSH2_MSG_KEXINIT 20
148 #define SSH2_MSG_NEWKEYS 21
149
150 #define SSH2_MSG_KEXDH_INIT 30
151 #define SSH2_MSG_KEXDH_REPLY 31
152
153 #define SSH2_MSG_KEX_DH_GEX_GROUP 31
154 #define SSH2_MSG_KEX_DH_GEX_INIT 32
155 #define SSH2_MSG_KEX_DH_GEX_REPLY 33
156 #define SSH2_MSG_KEX_DH_GEX_REQUEST 34
157
158 #define SSH2_MSG_KEX_ECDH_INIT 30
159 #define SSH2_MSG_KEX_ECDH_REPLY 31
160
161 #define SSH2_MSG_USERAUTH_REQUEST 50
162 #define SSH2_MSG_USERAUTH_FAILURE 51
163 #define SSH2_MSG_USERAUTH_SUCCESS 52
164 #define SSH2_MSG_USERAUTH_BANNER 53
165
166 #define SSH2_MSG_USERAUTH_PK_OK 60
167 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
168 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60
169 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61
170
171 #define SSH2_MSG_GLOBAL_REQUEST 80
172 #define SSH2_MSG_REQUEST_SUCCESS 81
173 #define SSH2_MSG_REQUEST_FAILURE 82
174 #define SSH2_MSG_CHANNEL_OPEN 90
175 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91
176 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92
177 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93
178 #define SSH2_MSG_CHANNEL_DATA 94
179 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95
180 #define SSH2_MSG_CHANNEL_EOF 96
181 #define SSH2_MSG_CHANNEL_CLOSE 97
182 #define SSH2_MSG_CHANNEL_REQUEST 98
183 #define SSH2_MSG_CHANNEL_SUCCESS 99
184 #define SSH2_MSG_CHANNEL_FAILURE 100
185
186 /* SSH2 miscellaneous constants */
187 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1
188 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2
189 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3
190 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4
191 #define SSH2_DISCONNECT_MAC_ERROR 5
192 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6
193 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7
194 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8
195 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
196 #define SSH2_DISCONNECT_CONNECTION_LOST 10
197 #define SSH2_DISCONNECT_BY_APPLICATION 11
198
199 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1
200 #define SSH2_OPEN_CONNECT_FAILED 2
201 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3
202 #define SSH2_OPEN_RESOURCE_SHORTAGE 4
203
204
205 // �N���C�A���g�����T�[�o������������
206 enum kex_init_proposals {
207 PROPOSAL_KEX_ALGS,
208 PROPOSAL_SERVER_HOST_KEY_ALGS,
209 PROPOSAL_ENC_ALGS_CTOS,
210 PROPOSAL_ENC_ALGS_STOC,
211 PROPOSAL_MAC_ALGS_CTOS,
212 PROPOSAL_MAC_ALGS_STOC,
213 PROPOSAL_COMP_ALGS_CTOS,
214 PROPOSAL_COMP_ALGS_STOC,
215 PROPOSAL_LANG_CTOS,
216 PROPOSAL_LANG_STOC,
217 PROPOSAL_MAX
218 };
219
220 #define KEX_DEFAULT_KEX ""
221 #define KEX_DEFAULT_PK_ALG ""
222 #define KEX_DEFAULT_ENCRYPT ""
223 #define KEX_DEFAULT_MAC ""
224 #define KEX_DEFAULT_COMP ""
225 #define KEX_DEFAULT_LANG ""
226
227 static char *myproposal[PROPOSAL_MAX] = {
228 KEX_DEFAULT_KEX,
229 KEX_DEFAULT_PK_ALG,
230 KEX_DEFAULT_ENCRYPT,
231 KEX_DEFAULT_ENCRYPT,
232 KEX_DEFAULT_MAC,
233 KEX_DEFAULT_MAC,
234 KEX_DEFAULT_COMP,
235 KEX_DEFAULT_COMP,
236 KEX_DEFAULT_LANG,
237 KEX_DEFAULT_LANG,
238 };
239
240
241 typedef enum {
242 KEY_NONE,
243 KEY_RSA1,
244 KEY_RSA,
245 KEY_DSA,
246 KEY_ECDSA256,
247 KEY_ECDSA384,
248 KEY_ECDSA521,
249 KEY_UNSPEC,
250 KEY_MAX = KEY_UNSPEC,
251 } ssh_keytype;
252 #define isECDSAkey(type) ((type) >= KEY_ECDSA256 && (type) <= KEY_ECDSA521)
253
254 typedef struct ssh2_host_key {
255 ssh_keytype type;
256 char *name;
257 } ssh2_host_key_t;
258
259 static ssh2_host_key_t ssh2_host_key[] = {
260 {KEY_RSA1, "ssh-rsa1"}, // for SSH1 only
261 {KEY_RSA, "ssh-rsa"},
262 {KEY_DSA, "ssh-dss"},
263 {KEY_ECDSA256, "ecdsa-sha2-nistp256"},
264 {KEY_ECDSA384, "ecdsa-sha2-nistp384"},
265 {KEY_ECDSA521, "ecdsa-sha2-nistp521"},
266 {KEY_UNSPEC, "ssh-unknown"},
267 {KEY_NONE, NULL},
268 };
269
270 /* Minimum modulus size (n) for RSA keys. */
271 #define SSH_RSA_MINIMUM_MODULUS_SIZE 768
272
273 #define SSH_KEYGEN_DEFAULT_BITS 2048
274 #define SSH_RSA_MINIMUM_KEY_SIZE 768
275 #define SSH_DSA_MINIMUM_KEY_SIZE 1024
276
277
278 typedef struct ssh2_cipher {
279 SSHCipher cipher;
280 char *name;
281 int block_size;
282 int key_len;
283 int discard_len;
284 const EVP_CIPHER *(*func)(void);
285 } ssh2_cipher_t;
286
287 static ssh2_cipher_t ssh2_ciphers[] = {
288 {SSH2_CIPHER_3DES_CBC, "3des-cbc", 8, 24, 0, EVP_des_ede3_cbc},
289 {SSH2_CIPHER_AES128_CBC, "aes128-cbc", 16, 16, 0, EVP_aes_128_cbc},
290 {SSH2_CIPHER_AES192_CBC, "aes192-cbc", 16, 24, 0, EVP_aes_192_cbc},
291 {SSH2_CIPHER_AES256_CBC, "aes256-cbc", 16, 32, 0, EVP_aes_256_cbc},
292 {SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc", 8, 16, 0, EVP_bf_cbc},
293 {SSH2_CIPHER_AES128_CTR, "aes128-ctr", 16, 16, 0, evp_aes_128_ctr},
294 {SSH2_CIPHER_AES192_CTR, "aes192-ctr", 16, 24, 0, evp_aes_128_ctr},
295 {SSH2_CIPHER_AES256_CTR, "aes256-ctr", 16, 32, 0, evp_aes_128_ctr},
296 {SSH2_CIPHER_ARCFOUR, "arcfour", 8, 16, 0, EVP_rc4},
297 {SSH2_CIPHER_ARCFOUR128, "arcfour128", 8, 16, 1536, EVP_rc4},
298 {SSH2_CIPHER_ARCFOUR256, "arcfour256", 8, 32, 1536, EVP_rc4},
299 {SSH2_CIPHER_CAST128_CBC, "cast128-cbc", 8, 16, 0, EVP_cast5_cbc},
300 {SSH2_CIPHER_3DES_CTR, "3des-ctr", 8, 24, 0, evp_des3_ctr},
301 {SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr", 8, 16, 0, evp_bf_ctr},
302 {SSH2_CIPHER_CAST128_CTR, "cast128-ctr", 8, 16, 0, evp_cast5_ctr},
303 #ifdef WITH_CAMELLIA_DRAFT
304 {SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc", 16, 16, 0, EVP_camellia_128_cbc},
305 {SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc", 16, 24, 0, EVP_camellia_192_cbc},
306 {SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc", 16, 32, 0, EVP_camellia_256_cbc},
307 {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16, 0, evp_camellia_128_ctr},
308 {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24, 0, evp_camellia_128_ctr},
309 {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32, 0, evp_camellia_128_ctr},
310 #ifdef WITH_CAMELLIA_PRIVATE
311 {SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc@openssh.org", 16, 16, 0, EVP_camellia_128_cbc},
312 {SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc@openssh.org", 16, 24, 0, EVP_camellia_192_cbc},
313 {SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc@openssh.org", 16, 32, 0, EVP_camellia_256_cbc},
314 {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr@openssh.org", 16, 16, 0, evp_camellia_128_ctr},
315 {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr@openssh.org", 16, 24, 0, evp_camellia_128_ctr},
316 {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr@openssh.org", 16, 32, 0, evp_camellia_128_ctr},
317 #endif // WITH_CAMELLIA_PRIVATE
318 #endif // WITH_CAMELLIA_DRAFT
319 {SSH_CIPHER_NONE, NULL, 0, 0, 0, NULL},
320 };
321
322
323 typedef enum {
324 KEX_DH_NONE, /* disabled line */
325 KEX_DH_GRP1_SHA1,
326 KEX_DH_GRP14_SHA1,
327 KEX_DH_GEX_SHA1,
328 KEX_DH_GEX_SHA256,
329 KEX_ECDH_SHA2_256,
330 KEX_ECDH_SHA2_384,
331 KEX_ECDH_SHA2_521,
332 KEX_DH_UNKNOWN,
333 KEX_DH_MAX = KEX_DH_UNKNOWN,
334 } kex_algorithm;
335
336 typedef struct ssh2_kex_algorithm {
337 kex_algorithm kextype;
338 char *name;
339 const EVP_MD *(*evp_md)(void);
340 } ssh2_kex_algorithm_t;
341
342 static ssh2_kex_algorithm_t ssh2_kex_algorithms[] = {
343 {KEX_DH_GRP1_SHA1, "diffie-hellman-group1-sha1", EVP_sha1},
344 {KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1", EVP_sha1},
345 {KEX_DH_GEX_SHA1, "diffie-hellman-group-exchange-sha1", EVP_sha1},
346 {KEX_DH_GEX_SHA256, "diffie-hellman-group-exchange-sha256", EVP_sha256},
347 {KEX_ECDH_SHA2_256, "ecdh-sha2-nistp256", EVP_sha256},
348 {KEX_ECDH_SHA2_384, "ecdh-sha2-nistp384", EVP_sha384},
349 {KEX_ECDH_SHA2_521, "ecdh-sha2-nistp521", EVP_sha512},
350 {KEX_DH_NONE , NULL, NULL},
351 };
352
353
354 typedef enum {
355 HMAC_NONE, /* disabled line */
356 HMAC_SHA1,
357 HMAC_MD5,
358 HMAC_SHA1_96,
359 HMAC_MD5_96,
360 HMAC_RIPEMD160,
361 #ifdef WITH_HMAC_SHA2_DRAFT // HMAC-SHA2 support
362 HMAC_SHA2_256,
363 HMAC_SHA2_256_96,
364 HMAC_SHA2_512,
365 HMAC_SHA2_512_96,
366 #endif // HMAC-SHA2 support
367 HMAC_UNKNOWN,
368 HMAC_MAX = HMAC_UNKNOWN,
369 } hmac_type;
370
371 typedef struct ssh2_mac {
372 hmac_type type;
373 char *name;
374 const EVP_MD *(*evp_md)(void);
375 int truncatebits;
376 } ssh2_mac_t;
377
378 static ssh2_mac_t ssh2_macs[] = {
379 {HMAC_SHA1, "hmac-sha1", EVP_sha1, 0},
380 {HMAC_MD5, "hmac-md5", EVP_md5, 0},
381 {HMAC_SHA1_96, "hmac-sha1-96", EVP_sha1, 96},
382 {HMAC_MD5_96, "hmac-md5-96", EVP_md5, 96},
383 {HMAC_RIPEMD160, "hmac-ripemd160@openssh.com", EVP_ripemd160, 0},
384 #ifdef WITH_HMAC_SHA2_DRAFT // HMAC-SHA2 support
385 {HMAC_SHA2_256, "hmac-sha2-256", EVP_sha256, 0},
386 {HMAC_SHA2_256_96, "hmac-sha2-256-96", EVP_sha256, 96},
387 {HMAC_SHA2_512, "hmac-sha2-512", EVP_sha512, 0},
388 {HMAC_SHA2_512_96, "hmac-sha2-512-96", EVP_sha512, 96},
389 #endif // HMAC-SHA2 support
390 {HMAC_NONE, NULL, NULL, 0},
391 };
392
393
394 typedef enum {
395 COMP_NONE, /* disabled line */
396 COMP_NOCOMP,
397 COMP_ZLIB,
398 COMP_DELAYED,
399 COMP_UNKNOWN,
400 COMP_MAX = COMP_UNKNOWN,
401 } compression_type;
402
403 typedef struct ssh2_comp {
404 compression_type type;
405 char *name;
406 } ssh2_comp_t;
407
408 static ssh2_comp_t ssh2_comps[] = {
409 {COMP_NOCOMP, "none"},
410 {COMP_ZLIB, "zlib"},
411 {COMP_DELAYED, "zlib@openssh.com"},
412 {COMP_NONE, NULL},
413 };
414
415
416 struct Enc {
417 u_char *key;
418 u_char *iv;
419 unsigned int key_len;
420 unsigned int block_size;
421 };
422
423 struct Mac {
424 char *name;
425 int enabled;
426 const EVP_MD *md;
427 int mac_len;
428 u_char *key;
429 int key_len;
430 };
431
432 struct Comp {
433 int type;
434 int enabled;
435 char *name;
436 };
437
438 typedef struct {
439 struct Enc enc;
440 struct Mac mac;
441 struct Comp comp;
442 } Newkeys;
443
444 #define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
445
446 enum kex_modes {
447 MODE_IN,
448 MODE_OUT,
449 MODE_MAX
450 };
451
452
453 // �z�X�g�L�[(SSH1, SSH2����)���f�[�^�\�� (2006.3.21 yutaka)
454 typedef struct Key {
455 // host key type
456 ssh_keytype type;
457 // SSH2 RSA
458 RSA *rsa;
459 // SSH2 DSA
460 DSA *dsa;
461 // SSH2 ECDSA
462 EC_KEY *ecdsa;
463 // SSH1 RSA
464 int bits;
465 unsigned char *exp;
466 unsigned char *mod;
467 } Key;
468
469 // fingerprint������
470 enum fp_rep {
471 SSH_FP_HEX,
472 SSH_FP_BUBBLEBABBLE,
473 SSH_FP_RANDOMART
474 };
475
476 enum fp_type {
477 SSH_FP_SHA1,
478 SSH_FP_MD5
479 };
480
481 enum sshfp_types {
482 SSHFP_KEY_RESERVED,
483 SSHFP_KEY_RSA,
484 SSHFP_KEY_DSA
485 };
486
487 enum sshfp_hashes {
488 SSHFP_HASH_RESERVED,
489 SSHFP_HASH_SHA1
490 };
491
492 enum scp_dir {
493 TOREMOTE, FROMREMOTE,
494 };
495
496 /* The packet handler returns TRUE to keep the handler in place,
497 FALSE to remove the handler. */
498 typedef BOOL (* SSHPacketHandler)(PTInstVar pvar);
499
500 typedef struct _SSHPacketHandlerItem SSHPacketHandlerItem;
501 struct _SSHPacketHandlerItem {
502 SSHPacketHandler handler;
503 /* Circular list of handlers for given message */
504 SSHPacketHandlerItem FAR * next_for_message;
505 SSHPacketHandlerItem FAR * last_for_message;
506 /* Circular list of handlers in set */
507 SSHPacketHandlerItem FAR * next_in_set;
508 int active_for_message;
509 };
510
511 typedef struct {
512 char FAR * hostname;
513
514 int server_protocol_flags;
515 char FAR * server_ID;
516
517 /* This buffer is used to hold the outgoing data, and encrypted in-place
518 here if necessary. */
519 unsigned char FAR * outbuf;
520 long outbuflen;
521 /* This buffer is used by the SSH protocol processing to store uncompressed
522 packet data for compression. User data is never streamed through here;
523 it is compressed directly from the user's buffer. */
524 unsigned char FAR * precompress_outbuf;
525 long precompress_outbuflen;
526 /* this is the length of the packet data, including the type header */
527 long outgoing_packet_len;
528
529 /* This buffer is used by the SSH protocol processing to store decompressed
530 packet data. User data is never streamed through here; it is decompressed
531 directly to the user's buffer. */
532 unsigned char FAR * postdecompress_inbuf;
533 long postdecompress_inbuflen;
534
535 unsigned char FAR * payload;
536 long payload_grabbed;
537 long payloadlen;
538 long payload_datastart;
539 long payload_datalen;
540
541 uint32 receiver_sequence_number;
542 uint32 sender_sequence_number;
543
544 z_stream compress_stream;
545 z_stream decompress_stream;
546 BOOL compressing;
547 BOOL decompressing;
548 int compression_level;
549
550 SSHPacketHandlerItem FAR * packet_handlers[256];
551 int status_flags;
552
553 int win_cols;
554 int win_rows;
555
556 unsigned short tcpport;
557 } SSHState;
558
559 #define STATUS_DONT_SEND_USER_NAME 0x01
560 #define STATUS_EXPECTING_COMPRESSION_RESPONSE 0x02
561 #define STATUS_DONT_SEND_CREDENTIALS 0x04
562 #define STATUS_HOST_OK 0x08
563 #define STATUS_INTERACTIVE 0x10
564 #define STATUS_IN_PARTIAL_ID_STRING 0x20
565
566 void SSH_init(PTInstVar pvar);
567 void SSH_open(PTInstVar pvar);
568 void SSH_notify_disconnecting(PTInstVar pvar, char FAR * reason);
569 /* SSH_handle_server_ID returns TRUE iff a valid ID string has been
570 received. If it returns FALSE, we need to keep looking for another
571 ID string. */
572 BOOL SSH_handle_server_ID(PTInstVar pvar, char FAR * ID, int ID_len);
573 /* SSH_handle_packet requires NO PAYLOAD on entry.
574 'len' is the size of the packet: payload + padding (+ CRC for SSHv1)
575 'padding' is the size of the padding.
576 'data' points to the start of the packet data (the length field)
577 */
578 void SSH_handle_packet(PTInstVar pvar, char FAR * data, int len, int padding);
579 void SSH_notify_win_size(PTInstVar pvar, int cols, int rows);
580 void SSH_notify_user_name(PTInstVar pvar);
581 void SSH_notify_cred(PTInstVar pvar);
582 void SSH_notify_host_OK(PTInstVar pvar);
583 void SSH_send(PTInstVar pvar, unsigned char const FAR * buf, unsigned int buflen);
584 /* SSH_extract_payload returns number of bytes extracted */
585 int SSH_extract_payload(PTInstVar pvar, unsigned char FAR * dest, int len);
586 void SSH_end(PTInstVar pvar);
587
588 void SSH_get_server_ID_info(PTInstVar pvar, char FAR * dest, int len);
589 void SSH_get_protocol_version_info(PTInstVar pvar, char FAR * dest, int len);
590 void SSH_get_compression_info(PTInstVar pvar, char FAR * dest, int len);
591
592 /* len must be <= SSH_MAX_SEND_PACKET_SIZE */
593 void SSH_channel_send(PTInstVar pvar, int channel_num,
594 uint32 remote_channel_num,
595 unsigned char FAR * buf, int len);
596 void SSH_fail_channel_open(PTInstVar pvar, uint32 remote_channel_num);
597 void SSH_confirm_channel_open(PTInstVar pvar, uint32 remote_channel_num, uint32 local_channel_num);
598 void SSH_channel_output_eof(PTInstVar pvar, uint32 remote_channel_num);
599 void SSH_channel_input_eof(PTInstVar pvar, uint32 remote_channel_num, uint32 local_channel_num);
600 void SSH_request_forwarding(PTInstVar pvar, char FAR * bind_address, int from_server_port,
601 char FAR * to_local_host, int to_local_port);
602 void SSH_request_X11_forwarding(PTInstVar pvar,
603 char FAR * auth_protocol, unsigned char FAR * auth_data, int auth_data_len, int screen_num);
604 void SSH_open_channel(PTInstVar pvar, uint32 local_channel_num,
605 char FAR * to_remote_host, int to_remote_port,
606 char FAR * originator, unsigned short originator_port);
607
608 int SSH_start_scp(PTInstVar pvar, char *sendfile, char *dstfile);
609 int SSH_start_scp_receive(PTInstVar pvar, char *filename);
610 int SSH_scp_transaction(PTInstVar pvar, char *sendfile, char *dstfile, enum scp_dir direction);
611 int SSH_sftp_transaction(PTInstVar pvar);
612
613 /* auxiliary SSH2 interfaces for pkt.c */
614 int SSH_get_min_packet_size(PTInstVar pvar);
615 /* data is guaranteed to be at least SSH_get_min_packet_size bytes long
616 at least 5 bytes must be decrypted */
617 void SSH_predecrpyt_packet(PTInstVar pvar, char FAR * data);
618 int SSH_get_clear_MAC_size(PTInstVar pvar);
619
620 #define SSH_is_any_payload(pvar) ((pvar)->ssh_state.payload_datalen > 0)
621 #define SSH_get_host_name(pvar) ((pvar)->ssh_state.hostname)
622 #define SSH_get_compression_level(pvar) ((pvar)->ssh_state.compressing ? (pvar)->ts_SSH_CompressionLevel : 0)
623
624 void SSH2_send_kexinit(PTInstVar pvar);
625 BOOL do_SSH2_userauth(PTInstVar pvar);
626 BOOL do_SSH2_authrequest(PTInstVar pvar);
627 void debug_print(int no, char *msg, int len);
628 int get_cipher_block_size(SSHCipher cipher);
629 int get_cipher_key_len(SSHCipher cipher);
630 char* get_kex_algorithm_name(kex_algorithm kextype);
631 const EVP_CIPHER* get_cipher_EVP_CIPHER(SSHCipher cipher);
632 const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype);
633 char* get_ssh2_mac_name(hmac_type type);
634 const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type);
635 int get_ssh2_mac_truncatebits(hmac_type type);
636 char* get_ssh2_comp_name(compression_type type);
637 char* get_ssh_keytype_name(ssh_keytype type);
638 int get_cipher_discard_len(SSHCipher cipher);
639 void ssh_heartbeat_lock_initialize(void);
640 void ssh_heartbeat_lock_finalize(void);
641 void ssh_heartbeat_lock(void);
642 void ssh_heartbeat_unlock(void);
643 void halt_ssh_heartbeat_thread(PTInstVar pvar);
644 void ssh2_channel_free(void);
645 BOOL handle_SSH2_userauth_inforeq(PTInstVar pvar);
646 BOOL handle_SSH2_userauth_passwd_changereq(PTInstVar pvar);
647 void SSH2_update_compression_myproposal(PTInstVar pvar);
648 void SSH2_update_cipher_myproposal(PTInstVar pvar);
649 void SSH2_update_kex_myproposal(PTInstVar pvar);
650 void SSH2_update_host_key_myproposal(PTInstVar pvar);
651 void SSH2_update_hmac_myproposal(PTInstVar pvar);
652 int SSH_notify_break_signal(PTInstVar pvar);
653
654 #endif
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help