client support

.gitignore

@@ -1,4 +1,5 @@
 *.byte
 *.native
 _build
-awa-ssh.install
+*.install
+.merlin

awa-lwt.opam

@@ -0,0 +1,25 @@
+opam-version: "2.0"
+maintainer: "Christiano F. Haesbaert <haesbaert@haesbaert.org>"
+authors: "Christiano F. Haesbaert <haesbaert@haesbaert.org>"
+license: "ISC"
+homepage: "https://github.com/haesbaert/awa-ssh"
+bug-reports: "https://github.com/haesbaert/awa-ssh/issues"
+dev-repo: "git+https://github.com/haesbaert/awa-ssh.git"
+doc: "https://mirage.github.io/awa-ssh/api"
+
+build: [
+  ["dune" "subst"] {pinned}
+  ["dune" "build" "-p" name "-j" jobs]
+  ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+
+depends: [
+  "ocaml" {>= "4.04.2"}
+  "dune" {build & >= "1.0"}
+  "awa" {= version}
+  "cstruct"       {>= "1.9.0"}
+  "mtime"
+  "lwt"
+]
+synopsis: "SSH implementation in OCaml"
+description: """The OpenSSH protocol implemented in OCaml."""

awa-mirage.opam

@@ -0,0 +1,28 @@
+opam-version: "2.0"
+maintainer: "Christiano F. Haesbaert <haesbaert@haesbaert.org>"
+authors: "Christiano F. Haesbaert <haesbaert@haesbaert.org>"
+license: "ISC"
+homepage: "https://github.com/haesbaert/awa-ssh"
+bug-reports: "https://github.com/haesbaert/awa-ssh/issues"
+dev-repo: "git+https://github.com/haesbaert/awa-ssh.git"
+doc: "https://mirage.github.io/awa-ssh/api"
+
+build: [
+  ["dune" "subst"] {pinned}
+  ["dune" "build" "-p" name "-j" jobs]
+  ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+
+depends: [
+  "ocaml" {>= "4.04.2"}
+  "dune" {build & >= "1.0"}
+  "awa" {= version}
+  "cstruct" {>= "1.9.0"}
+  "mtime"
+  "lwt"
+  "mirage-flow" {>= "2.0.0"}
+  "mirage-clock" {>= "3.0.0"}
+  "logs"
+]
+synopsis: "SSH implementation in OCaml"
+description: """The OpenSSH protocol implemented in OCaml."""

awa.opam

@@ -0,0 +1,35 @@
+opam-version: "2.0"
+maintainer: "Christiano F. Haesbaert <haesbaert@haesbaert.org>"
+authors: "Christiano F. Haesbaert <haesbaert@haesbaert.org>"
+license: "ISC"
+homepage: "https://github.com/haesbaert/awa-ssh"
+bug-reports: "https://github.com/haesbaert/awa-ssh/issues"
+dev-repo: "git+https://github.com/haesbaert/awa-ssh.git"
+doc: "https://mirage.github.io/awa-ssh/api"
+
+build: [
+  ["dune" "subst"] {pinned}
+  ["dune" "build" "-p" name "-j" jobs]
+  ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+
+depends: [
+  "ocaml" {>= "4.04.2"}
+  "dune" {build & >= "1.0"}
+  "ppx_sexp_conv"
+  "ppx_cstruct"
+  "nocrypto"
+  "x509"
+  "cstruct" {>= "1.9.0"}
+  "cstruct-unix"
+  "cstruct-sexp"
+  "sexplib"
+  "rresult"
+  "mtime"
+  "logs"
+  "fmt"
+  "cmdliner"
+  "base64" {>= "3.0.0"}
+]
+synopsis: "SSH implementation in OCaml"
+description: """The OpenSSH protocol implemented in OCaml."""

dune-project

@@ -0,0 +1,2 @@
+(lang dune 1.0)
+(name awa)

lib/auth.ml

@@ -48,23 +48,28 @@ let by_password name password db =
   | None -> false
   | Some user -> user.password = Some password
 
+let to_hash name pubkey session_id service =
+  let open Wire in
+  put_cstring session_id (Dbuf.create ()) |>
+  put_message_id Ssh.MSG_USERAUTH_REQUEST |>
+  put_string name |>
+  put_string service |>
+  put_string "publickey" |>
+  put_bool true |>
+  put_string (Hostkey.sshname pubkey) |>
+  put_pubkey pubkey |>
+  Dbuf.to_cstruct
+
+let sign name key session_id service =
+  let data = to_hash name (Hostkey.pub_of_priv key) session_id service in
+  Hostkey.sign key data
+
 let by_pubkey name pubkey session_id service signed db =
   match lookup_user_key name pubkey db with
   | None -> false
   | Some pubkey ->
     if pubkey = Hostkey.Unknown then
       false
     else
-      let unsigned =
-        let open Wire in
-        put_cstring session_id (Dbuf.create ()) |>
-        put_message_id Ssh.MSG_USERAUTH_REQUEST |>
-        put_string name |>
-        put_string service |>
-        put_string "publickey" |>
-        put_bool true |>
-        put_string (Hostkey.sshname pubkey) |>
-        put_pubkey pubkey |>
-        Dbuf.to_cstruct
-      in
+      let unsigned = to_hash name pubkey session_id service in
       Hostkey.verify pubkey ~unsigned ~signed

lib/channel.ml

@@ -34,7 +34,7 @@ type channel = {
   us    : channel_end;
   them  : channel_end;
   state : state;
-  tosend: Cstruct.t;
+  tosend: Cstruct_sexp.t;
 } [@@deriving sexp]
 
 let compare a b =
@@ -57,7 +57,10 @@ let to_string t = Sexplib.Sexp.to_string_hum (sexp_of_channel t)
 let input_data t data =
   (* Normalize data, discard if greater than window *)
   let len = min (Cstruct.len data |> Int32.of_int) t.us.win in
-  let data = Cstruct.set_len data (Int32.to_int len) in
+  let data, left = Cstruct.split data (Int32.to_int len) in
+  if Cstruct.len left > 0 then
+    Printf.printf "channel input_data: discarding %d bytes (window size)\n%!"
+      (Cstruct.len left);
   let new_win = Int32.sub t.us.win len in
   Util.guard Int32.(new_win >= zero) "window underflow" >>= fun () ->
   let win, adjust =
@@ -78,7 +81,7 @@ let input_data t data =
 
 let output_data t data =
   let fragment data =
-    let max_pkt = t.them.max_pkt |> Int32.to_int in
+    let max_pkt = Int32.to_int t.them.max_pkt in
     let i =
       Cstruct.iter
         (fun buf ->
@@ -95,8 +98,7 @@ let output_data t data =
   in
   let tosend = Util.cs_join t.tosend data in
   let len = min (Cstruct.len tosend) (Int32.to_int t.them.win) in
-  let data = Cstruct.set_len tosend len in
-  let tosend = Cstruct.shift tosend len in
+  let data, tosend = Cstruct.split tosend len in
   let win = Int32.sub t.them.win (Int32.of_int len) in
   Util.guard Int32.(win >= zero) "window underflow" >>= fun () ->
   let t = { t with tosend; them = { t.them with win } } in
@@ -120,6 +122,8 @@ type db = channel Channel_map.t
 
 let empty_db = Channel_map.empty
 
+let is_empty = Channel_map.is_empty
+
 (* Find the next available free channel *)
 let next_free db =
   let rec linear lkey = function

lib/cipher.ml

@@ -28,7 +28,7 @@ type t =
 
 type cipher_key =
   | Plaintext_key
-  | Aes_ctr_key of (CTR.key * Nocrypto.Cipher_block.Counters.C128be.t)
+  | Aes_ctr_key of (CTR.key * Nocrypto.Cipher_block.AES.CTR.ctr)
   | Aes_cbc_key of (CBC.key * Cstruct.t)
 
 type key = {