/* SSHv1 cipher types.  These are the numeric cipher identifiers for the
   SSHv1 protocol.
   NOTE(review): SSH1_CIPHER_NONE gives no confidentiality at all, and
   single DES and RC4 are considered weak today.  Whatever code picks a
   cipher from this list should be checked to confirm that it cannot end
   up at SSH1_CIPHER_NONE, or at one of the weak entries, purely because
   the peer asked for it */
#define SSH1_CIPHER_NONE 0 /* No encryption */
#define SSH1_CIPHER_IDEA 1 /* IDEA/CFB */
#define SSH1_CIPHER_DES 2 /* DES/CBC */
#define SSH1_CIPHER_3DES 3 /* 3DES/inner-CBC (nonstandard) */
#define SSH1_CIPHER_TSS 4 /* Deprecated */
#define SSH1_CIPHER_RC4 5 /* RC4 */
#define SSH1_CIPHER_BLOWFISH 6 /* Blowfish */
#define SSH1_CIPHER_CRIPPLED 7 /* Reserved, from ssh 1.2.x source */
/* SSHv1 authentication types.
   NOTE(review): SSH1_AUTH_RHOSTS is described below as plain .rhosts or
   /etc/hosts.equiv trust, with no RSA challenge attached (contrast
   SSH1_AUTH_RHOSTS_RSA).  Confirm that the server side does not accept it
   unless it has been explicitly enabled.  SSH1_PASS_KERBEROS_TGT uses a
   PASS rather than AUTH prefix; presumably because it forwards a
   credential rather than authenticating with it - verify against the code
   that uses it */
#define SSH1_AUTH_RHOSTS 1 /* .rhosts or /etc/hosts.equiv */
#define SSH1_AUTH_RSA 2 /* RSA challenge-response */
#define SSH1_AUTH_PASSWORD 3 /* Password */
#define SSH1_AUTH_RHOSTS_RSA 4 /* .rhosts with RSA challenge-response */
#define SSH1_AUTH_TIS 5 /* TIS authsrv */
#define SSH1_AUTH_KERBEROS 6 /* Kerberos */
#define SSH1_PASS_KERBEROS_TGT 7 /* Kerberos TGT-passing */
/* SSHv2 disconnection codes.  The values correspond to the disconnect
   reason codes listed in RFC 4253 section 11.1.  Several of them are
   useful signals in logs: MAC_ERROR and KEY_EXCHANGE_FAILED point at
   tampering or an algorithm mismatch, HOST_KEY_NOT_VERIFIABLE at a host
   key problem, and NO_MORE_AUTH_METHODS_AVAILABLE / ILLEGAL_USER_NAME at
   failed authentication.
   NOTE(review): a reason code received from the peer is untrusted input;
   code that maps it to a message or table index should range-check it
   first */
#define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1
#define SSH2_DISCONNECT_PROTOCOL_ERROR 2
#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3
#define SSH2_DISCONNECT_RESERVED 4
#define SSH2_DISCONNECT_MAC_ERROR 5
#define SSH2_DISCONNECT_COMPRESSION_ERROR 6
#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7
#define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8
#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
#define SSH2_DISCONNECT_CONNECTION_LOST 10
#define SSH2_DISCONNECT_BY_APPLICATION 11
#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12
#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13
#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14
#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15
/* Mapping of SSHv2 algorithm names to cryptlib algorithm IDs, in preferred
   algorithm order.  Each entry pairs the name string with the
   corresponding CRYPT_ALGO_TYPE value.
   NOTE(review): how a table of these entries is terminated is not visible
   in this header; check the table definitions before writing code that
   walks one */
typedef struct {
	const char *name; /* Algorithm name */
	const CRYPT_ALGO_TYPE algo; /* Algorithm ID */
	} ALGO_STRING_INFO;
/* SSH handshake state information.  This is passed around various
   subfunctions that handle individual parts of the handshake.
   NOTE(review): the structure holds key-exchange material, including the
   shared secret, in plain byte arrays.  Nothing in this header shows where
   an instance is cleared, so confirm that the owning code wipes it once
   the handshake completes or fails.
   NOTE(review): every buffer here is paired with a signed int length.
   Code that fills a buffer from peer-supplied data needs to check that the
   length is non-negative and no larger than the array before copying -
   verify in the handshake code */
typedef struct SH {
	/* SSHv1 session state information/SSHv2 exchange hash.
	   sessionIDlength is presumably the number of bytes of sessionID in
	   use - confirm against the code that sets it */
	BYTE cookie[ SSH2_COOKIE_SIZE ]; /* Anti-spoofing cookie */
	BYTE sessionID[ CRYPT_MAX_HASHSIZE ]; /* Session ID/exchange hash */
	int sessionIDlength;
	CRYPT_CONTEXT iExchangeHashcontext; /* Hash of exchanged info */
	/* Information needed to compute the session ID.  SSHv1 requires the
	   host and server key modulus, SSHv2 requires the client DH value
	   (along with various other things, but these are hashed inline).
	   The SSHv2 values are in MPI-encoded form, so we need to reserve a
	   little extra room for the length and leading zero-padding (the + 16
	   on the array sizes below).  Since the data fields are rather large
	   and also disjoint, we alias one to the other: the four macros that
	   follow give the SSHv1 fields their SSHv2 names.  These are ordinary
	   preprocessor macros, so they are not scoped to this struct and will
	   rewrite any later use of those identifiers in a file that includes
	   this header */
	BYTE hostModulus[ CRYPT_MAX_PKCSIZE + 16 ];
	BYTE serverModulus[ CRYPT_MAX_PKCSIZE + 16 ];
	int hostModulusLength, serverModulusLength;
	#define clientKeyexValue hostModulus
	#define serverKeyexValue serverModulus
	#define clientKeyexValueLength hostModulusLength
	#define serverKeyexValueLength serverModulusLength
	/* Encryption algorithm and key information.  secretValue is the most
	   sensitive field in the structure */
	CRYPT_ALGO_TYPE pubkeyAlgo; /* Host signature algo */
	BYTE secretValue[ CRYPT_MAX_PKCSIZE ]; /* Shared secret value */
	int secretValueLength;
	/* Short-term server key (SSHv1) or DH key agreement context (SSHv2),
	   and the client requested DH key size for the SSHv2 key exchange.
	   Alongside the actual key size, we also store the original encoded
	   form, which has to be hashed as part of the exchange hash.  The
	   long-term host key is stored as the session info iKeyexCryptContext
	   for the client and privateKey for the server.
	   NOTE(review): requestedServerKeySize comes from the client, so the
	   code that acts on it should enforce lower and upper bounds -
	   verify */
	CRYPT_CONTEXT iServerCryptContext;
	int serverKeySize, requestedServerKeySize;
	BYTE encodedReqKeySizes[ UINT_SIZE * 3 ];
	int encodedReqKeySizesLength;
	/* Tables mapping SSHv2 algorithm names to cryptlib algorithm IDs.
	   These are declared once in ssh2.c and referred to here via pointers
	   to allow them to be static const, which is necessary in some
	   environments to get them into the read-only segment */
	const FAR_BSS ALGO_STRING_INFO *algoStringPubkeyTbl,
								   *algoStringUserauthentTbl;
	/* Function pointers to handshaking functions.  These are set up as
	   required depending on whether the protocol being used is v1 or v2,
	   and the session is client or server.  All three take the session
	   and this handshake structure and return an int status.
	   NOTE(review): whether callers can reach these before they have been
	   set is not visible here - check the initialisation path */
	int ( *beginHandshake )( SESSION_INFO *sessionInfoPtr,
							 struct SH *handshakeInfo );
	int ( *exchangeKeys )( SESSION_INFO *sessionInfoPtr,
						   struct SH *handshakeInfo );
	int ( *completeHandshake )( SESSION_INFO *sessionInfoPtr,
								struct SH *handshakeInfo );
	} SSH_HANDSHAKE_INFO;
/* Prototypes for functions in ssh.c.
   NOTE(review): encodeString() is given a destination buffer but no
   destination size, so any bound on what it writes has to be enforced by
   the caller.  Check call sites where stringLength is derived from
   peer-supplied data */
int initSecurityContexts( SESSION_INFO *sessionInfoPtr );
int encodeString( BYTE *buffer, const BYTE *string, const int stringLength );
/* Prototypes for functions in ssh2.c.  All of them return an int; the
   meaning of the value is not shown in this header (presumably a cryptlib
   status code - confirm against ssh2.c).
   NOTE(review): putAlgoID() and encodeMPI() write through a caller-supplied
   buffer pointer and take no destination size, and wrapPacket() is passed
   only the data length.  The room available in each output buffer
   therefore has to be guaranteed by the caller; check the call sites.
   The functions that take (data, dataLength) or (string, maxLength) pairs
   appear to parse peer-supplied bytes, so their implementations are the
   place to look for length validation */
int initSecurityInfo( SESSION_INFO *sessionInfoPtr,
					  SSH_HANDSHAKE_INFO *handshakeInfo );
/* Looks up an algorithm in an ALGO_STRING_INFO table from a string of at
   most maxLength bytes, returning the result through algo - inferred from
   the parameter list, verify against the implementation */
int getAlgoID( const ALGO_STRING_INFO *algoInfo, CRYPT_ALGO_TYPE *algo,
			   const CRYPT_ALGO_TYPE preferredAlgo, const BYTE *string,
			   const int maxLength, void *errorInfo );
int putAlgoID( BYTE **bufPtrPtr, const CRYPT_ALGO_TYPE algo );
/* requestedKeySize is taken alongside optional key data; see the
   requestedServerKeySize field of SSH_HANDSHAKE_INFO for where a
   client-requested size is kept */
int initDHcontext( CRYPT_CONTEXT *iCryptContext, int *keySize,
				   const void *keyData, const int keyDataLength,
				   const int requestedKeySize );
int hashAsString( const CRYPT_CONTEXT iHashContext,
				  const BYTE *data, const int dataLength );
int hashAsMPI( const CRYPT_CONTEXT iHashContext, const BYTE *data,
			   const int dataLength );
int encodeMPI( BYTE *buffer, const BYTE *value,
			   const int valueLength );
int completeKeyex( SESSION_INFO *sessionInfoPtr,
				   SSH_HANDSHAKE_INFO *handshakeInfo,
				   const BOOLEAN isServer );
int wrapPacket( SESSION_INFO *sessionInfoPtr, BYTE *bufPtr,
				const int dataLength );
int sendPacketSSH2( SESSION_INFO *sessionInfoPtr, const int dataLength,
					const BOOLEAN sendOnly );
int readPacketSSH2( SESSION_INFO *sessionInfoPtr, int expectedType );
int processHello( SESSION_INFO *sessionInfoPtr,
				  SSH_HANDSHAKE_INFO *handshakeInfo, int *serverKeyexLength,
				  const BOOLEAN isServer );
int processRequest( SESSION_INFO *sessionInfoPtr, const BYTE *data,
					const int dataLength );
/* Prototypes for functions in ssh2_svr.c.  Both take a (data, dataLength)
   pair.
   NOTE(review): going by the file name these run on the server side, where
   the data presumably comes from the client.  Confirm that the
   implementations bound every embedded length field by dataLength before
   using it */
int getAddressAndPort( SESSION_INFO *sessionInfoPtr, const BYTE *data,
					   const int dataLength );
int processChannelOpen( SESSION_INFO *sessionInfoPtr, const BYTE *data,
						const int dataLength );
/* Prototypes for session mapping functions.  Each takes the session and
   the handshake structure and returns nothing; the two version-level
   functions also take an isServer flag, while the SSHv2 client and server
   variants are separate functions.  Presumably these fill in the
   handshake function pointers in SSH_HANDSHAKE_INFO - confirm against the
   implementations */
void initSSH1processing( SESSION_INFO *sessionInfoPtr,
						 SSH_HANDSHAKE_INFO *handshakeInfo,
						 const BOOLEAN isServer );
void initSSH2processing( SESSION_INFO *sessionInfoPtr,
						 SSH_HANDSHAKE_INFO *handshakeInfo,
						 const BOOLEAN isServer );
void initSSH2clientProcessing( SESSION_INFO *sessionInfoPtr,
							   SSH_HANDSHAKE_INFO *handshakeInfo );
void initSSH2serverProcessing( SESSION_INFO *sessionInfoPtr,
							   SSH_HANDSHAKE_INFO *handshakeInfo );
/* When support for one protocol version is compiled out, redirect the
   initialisation name for that version to the other one, so that code
   after this point which names the missing function still resolves to
   something.  If neither USE_SSH1 nor USE_SSH2 is defined both macros
   exist and refer to each other; the preprocessor does not re-expand a
   macro inside its own expansion, so each name then maps back to itself.
   NOTE(review): in a build without USE_SSH2, every call written as
   initSSH2processing() sets up SSHv1 processing instead.  Confirm that
   such a build is intended, since it leaves only the older protocol
   available */
#ifndef USE_SSH1
  #define initSSH1processing initSSH2processing
#endif /* USE_SSH1 */
#ifndef USE_SSH2
  #define initSSH2processing initSSH1processing
#endif /* USE_SSH2 */
#endif /* _SSH_DEFINED */