Windows SSH Meeting Notes

Sunday, February 1st, 1998 (Tim, Doug, Mike)
Monday, February 2nd, 1998 (Professor Yee, Doug, Tim)

Immediate Goals:
================
- Tim - figuring out how terminals work. Figure out what CView will do
  and how the window will be repainted.
- Doug - Basic network and ssh class structure. Packet builder, and
  handshaking.
- Mike - finishing up the dialog boxes and other GUI elements.

Notes:
======
- Professor Yee gave a brief overview on how Microsoft's Cryptography
  API worked and the basis of CSPs (Cryptographic Service Providers).
  If we wished to have a more platform specific implementation of the
  SSH protocol we could have gone this route - but we would of course
  be export restricted.
- An important security issue was brought up (something I read) on the
  importance of clearing out your memory when you are done with it.
  Not only should you zero out the variable holding your session key,
  you should make sure the stack is clear. One way to accomplish this
  is to fill up your stack with zeros at the end of the application.
  Better yet is to lock out a specific portion of memory just for the
  crypto work and to clear it at the end of the application's life.
  Something we won't encounter yet, but need to think about it.
- Looking at the UNIX ssh client code, it might be possible to get away
  and only use one thread. CRT actually uses three but perhaps we can
  fudge it without compromising user friendliness. We'll see as things
  come along.
- Professor Yee remembers something about DNS hanging on Windows
  Sockets. Keep an eye out for it.

Progress Report
===============

980202 Sunday
- Mike has various dialog boxes, menus, and toolbar ready to go and
  merged into the source.
- CVS is finally implemented. A brief demo on how source will be
  controlled and also stressed the importance of modularity. The first
  code merge will happen next week during the meeting (the best time to
  do them we decided).
- The Teraterm source has been a godsend and Doug has been using it as
  a basis on how to organize his portion of the project
  (networking/ssh).
- Doug and I worked out briefly how our two parts will interact. Though
  this will most likely change as we explore and code further.

980130
- Discussed various strategies in splitting the project up into three
  blocks that could be worked by each individual. Convinced Mike that
  it would be a bad idea to have a Dialog Box based app. Here's how we
  finally split it up:
    - Core SSH/Network - Doug. As Doug is the most familiar with MFC he
      gets to tackle this portion. As Professor Yee suggested earlier
      in the quarter, we'll be abstracting out the SSH stuff into a
      non-os specific portion that could be used on other platforms.
    - Document / View - Me. We'll be using the MFC "Document/View"
      architecture which defines specific classes - "Document" is where
      data should be stored and the "View" class does all the
      "drawing". As such, the "View" class will also do the various
      vt100/tty terminal emulation.
    - Dialog Boxes / GUI - Mike. As Mike is not pursuing the 199 he did
      get an easy but crucial portion. He'll be designing all the
      various Menus, Toolbars, Status Bars, and Dialog Boxes. I'm sure
      he'll finish this fairly quickly, though, so then he can work on
      something else.
- Two threads will be used. One for mainly the networking stuff and the
  other for everything else.
- Originally it was on the wish list for the product to double also as
  a telnet app if a SSH connection was unavailable; after looking
  through the Telnet spec we're deciding against this at present time.
- Source control will partially be done through CVS. Tim's computer
  will be used as a server for the master source repository. CVS's
  inability to handle binary files prevents its use for the whole
  project.
- At present we have a bare bones project file. As we have code to add
  to the master source repository we do so and check it in.
  Brainstormed and added a series of global variables

< 980130
- Examine the three crypto libraries Crypto++, Cryptlib, and RSARef.
  Found that latest version of Cryptlib is buggy as it's in beta.
- Decision to use Hungarian Notation.
- Read through RFC.

--------
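
Added example (not part of the original notes or the project's code):
the idea from the Notes section of keeping key material in one locked
region and clearing it at the end of the application's life, in C. The
names arena_*, secure_wipe and the 4096-byte size are assumptions;
VirtualLock is the Windows call and mlock the POSIX equivalent.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#define LOCK(p, n)   (VirtualLock((p), (n)) != 0)
#define UNLOCK(p, n) VirtualUnlock((p), (n))
#else
#include <sys/mman.h>
#define LOCK(p, n)   (mlock((p), (n)) == 0)
#define UNLOCK(p, n) munlock((p), (n))
#endif

#define ARENA_SIZE 4096                  /* assumed size: one page */
static unsigned char arena[ARENA_SIZE];  /* all key material lives here */
static size_t arena_used;
static int arena_locked;

/* Volatile stores cannot be discarded by the compiler as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Keep the arena out of the page file; returns 1 if the OS agreed to lock. */
int arena_init(void) {
    arena_used = 0;
    return arena_locked = LOCK(arena, ARENA_SIZE);
}

/* Bump allocator for byte buffers (keys, IVs); NULL when the arena is full. */
unsigned char *arena_alloc(size_t n) {
    if (n == 0 || n > ARENA_SIZE - arena_used) return NULL;
    arena_used += n;
    return arena + arena_used - n;
}

/* End of the application's life: wipe everything, then release the lock. */
void arena_destroy(void) {
    secure_wipe(arena, ARENA_SIZE);
    if (arena_locked) { UNLOCK(arena, ARENA_SIZE); arena_locked = 0; }
    arena_used = 0;
}

int main(void) {
    arena_init();
    unsigned char *key = arena_alloc(32);
    if (key) memset(key, 0xAB, 32);      /* constructed stand-in for a session key */
    arena_destroy();
    return key == NULL || key[0] != 0;   /* exit status 0: key bytes are gone */
}
```

Locking can be refused by the OS (quota or privilege limits); the wipe
in arena_destroy runs either way.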