ios - ios中的ssh协商过程

Question

目标:使用 SSH 协议(protocol)连接到本地机器(iPod)到 unix 服务器。

首先我建立了一个用于通信的套接字连接，它完成了。

现在是与 SSH 协商的过程。

client to server -> http://@aix.polarhome.com/ssh with port : 775 (using GCDAsyncSocket)

连接成功时

server to client -> SSH-1.99-OpenSSH-6.6

client to server -> SSH-2.0-OpenSSH_6.6

server to client -> list of algo

cleint to server -> 

这个是代码格式的

 if (parsedByteArray[2] == ACK && parsedByteArray[5] == SSH_MSG_KEXINIT) {

        //1 SSH_MSG_KEXINIT
        sendByte[writeIndex++] = SSH2_MSG_KEXINIT;

        [self put32BitInteger:16 toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        //2 cookie (16 random bytes)
        for (int i = 0; i < 16; i++) {
            sendByte[writeIndex++] = [self random_byte];
        }

        //3 kex_algorithms
        NSString *kex_algorithms = [self kexAlgorithms];
        [self put32BitInteger:kex_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:kex_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //4 server_host_key_algorithms
        NSString *server_host_key_algorithms = [self serverHostKeyAlgorithms];
        [self put32BitInteger:server_host_key_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:server_host_key_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //5 encryption_algorithms_client_to_server
        NSString *encryption_algorithms = [self encryptionAlgorithms];
        [self put32BitInteger:encryption_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:encryption_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //6 encryption_algorithms_server_to_client
        [self put32BitInteger:encryption_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:encryption_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //7 mac_algorithms_client_to_server
        NSString *mac_algorithms = [self macAlgorithms];
        [self put32BitInteger:mac_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:mac_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //8 mac_algorithms_server_to_client
        [self put32BitInteger:mac_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:mac_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //9 compression_algorithms_client_to_server
        NSString *compression_algorithms = [self compressionAlgorithms];
        [self put32BitInteger:compression_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:compression_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //10 compression_algorithms_server_to_client
        [self put32BitInteger:compression_algorithms.length toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;
        writeIndex = [self convertFromString:compression_algorithms toBytesAndFillArray:sendByte withCurrentIndex:writeIndex];

        //11 languages_client_to_server
        [self put32BitInteger:0 toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;

        //12 languages_server_to_client
        [self put32BitInteger:0 toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;

        //13 first_kex_packet_follows
        [self put32BitInteger:1 toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;

        sendByte[writeIndex++] = 0; //FALSE

        //14 0 (reserved for future extension) int32
        [self put32BitInteger:0 toPacket:sendByte fromIndex:writeIndex];
        writeIndex += 4;        

        [self sendSSHBinaryPacketPayload:sendByte toLength:writeIndex];
        writeIndex = 0;
    }

-(void)put32BitInteger:(NSInteger)val toPacket:(Byte *)packet fromIndex:(int)index{
    //parse int value from 32 bit to 4 bytes and assign to packet.

    Byte bArray[4];
    bArray[3] = val;
    bArray[2] = val >> 8;
    bArray[1] = val >> 16;
    bArray[0] = val >> 24;

    for (int i = 0; i < 4; i++) {
        packet[index + i] = bArray[i];
    }
}

//SSH Encryption Algorithms
-(NSString *)kexAlgorithms{
    return @"diffie-hellman-group-exchange-sha1";
}

-(NSString *)serverHostKeyAlgorithms{
    return @"ssh-rsa";
}

-(NSString *)encryptionAlgorithms{
    return @"aes256-ctr";
}

-(NSString *)macAlgorithms{
    return @"hmac-sha2-256";
}

-(NSString *)compressionAlgorithms{
    return @"none";
}

-(NSString *)languageAlgorithms{
    return @"none";
}

server to client -> Packet corrupted.

请建议我，这是正确的方式。我需要实现哪些更正。

我不清楚的事情是
1. 版本字符串首先从服务器或客户端协商。在这里发送它的服务器和
2. 我需要以纯格式还是使用 BPP(二进制数据包协议(protocol))发送 key 交换数据。

请帮我。

Answer 1

1)不久前，我正在为一个业余项目做类似的事情。在尝试实现/理解握手过程时，我发现这本书非常有帮助:

Implementing SSL / TLS Using Cryptography and PKI by Joshua Davies

那本书提供了很好的示例代码和建议。

2)我注意到在您发布的示例代码中，您似乎有很多用 Objective-C 编写的辅助函数，如果您用纯 C 实现辅助函数，您可能会更容易提高代码的可读性。您还应该使用结构来保存数据包的数据结构，这将使您的生活更轻松。

3)根据您发布的示例代码，很难为您提供解决问题的帮助，您能否发布一个要点或更完整的代码片段。