PTPSecureServer is a secure PTP server. It uses PSec protocol to establish a secure communication with a client and grants access to the local file system over the net.
CCore-PTPSecureServer.exe <config.ddl>
To run the PTPSecureServer you must specify a configuration file as the argument. This file uses DDL to describe various server parameters. Here is an example:
PTPSecureConfig config =
{
.server_key = { Key#SHA512 , { 000h, 019h, 09Bh, 0FAh, 013h, 064h, 0D0h, 0F4h, 061h, 01Eh, 055h, 050h, 057h, 052h, 0FBh, 00Ch,
04Ah, 0A0h, 04Ah, 0F2h, 083h, 037h, 06Eh, 001h, 050h, 013h, 06Dh, 0B1h, 004h, 0A7h, 082h, 010h } },
.admin_key = { Key#SHA512 , { 09Eh, 03Fh, 083h, 09Bh, 0E3h, 0EAh, 04Ah, 0D9h, 0EEh, 0A1h, 049h, 005h, 046h, 0E6h, 0C8h, 07Ch,
0A7h, 00Dh, 0F2h, 01Ch, 030h, 0F5h, 091h, 08Bh, 03Dh, 0CFh, 090h, 00Ah, 0EAh, 0B4h, 0A8h, 025h } },
.clients = {
Ivan,
Boris,
Sergey
}
};
Client Ivan =
{
.name = 'Ivan',
.key = { Key#SHA512 , { 016h, 006h, 008h, 001h, 0A7h, 0D2h, 020h, 06Ah, 0AAh, 003h } },
.access_read = Yes ,
.access_write = No ,
.has_home = No
};
Client Boris =
{
.name = 'Boris',
.key = { Key#SHA512 , { 05Eh, 031h, 076h, 04Ah, 05Dh, 02Fh, 062h, 0A8h, 0ACh, 0ABh } },
.access_read = Yes ,
.access_write = Yes ,
.has_home = No
};
Client Sergey =
{
.name = 'Sergey',
.key = { Key#SHA512 , { 032h, 0E3h, 095h, 080h, 0D7h, 029h, 06Ch, 0F5h, 00Fh, 027h } },
.access_read = Yes ,
.access_write = Yes ,
.has_home = Yes
};
A configuration file must define a constant of the type PTPSecureConfig with the name config. This type is defined as the following:
type Bool = uint8 ;
Bool Yes = 1 ;
Bool No = 0 ;
struct Key
{
const uint8 SHA1 = 0 ;
const uint8 SHA224 = 1 ;
const uint8 SHA256 = 2 ;
const uint8 SHA384 = 3 ;
const uint8 SHA512 = 4 ;
uint8 hash_id;
uint8[] key;
};
struct Client
{
text name;
Key key;
// access rights
Bool access_read;
Bool access_write;
Bool has_home;
};
struct PTPSecureConfig
{
uint16 pke_port = 52102 ;
uint16 psec_port = 52103 ;
uint16 keyset_len = 10 ;
uint32 ttl = 3600 ;
uint32 utl = 100000000 ;
uint32 max_clients = 10000 ;
text root = './root' ;
Key server_key;
text admin_name = 'admin' ;
Key admin_key;
Client[] clients;
};
pke_port is the UDP port for the PKE communication.
psec_port is the UDP port for the PSec communication.
keyset_len is the number of keys in the session keyset.
ttl is the lifetime limit for the session key.
utl is the traffic limit for the session key.
max_clients is the client limit for the server.
root is the path to a directory. This directory is made accessible to clients by the server.
server_key is the server primary key.
admin_name is the admin name. Admin has full access rights.
admin_key is the primary key of the admin.
clients is the list of clients. Each client is described using the structure Client.
It has the following fields:
name is the client name.
key is the client primary key.
access_read grants the read access to files.
access_write grants the write access to files. Client can also create/destroy directories.
has_home determines if the client has the home folder. The home folder has the path "/home/client_name". Client can use the symbol '~' to designate its home folder.
A primary key is described by the structure Key with two fields:
hash_id determines the hash algorithm. One of the predefined constants can be used: SHA1, SHA224, SHA256, SHA384, SHA512.
key is a byte sequence key.
To use the server a client must perform the PKE negotiation process with the proper credentials over the UDP protocol with the server PKE port. Then it must open a PSec connection using the generated session key over the UDP protocol with the server PSec port. Finally, client can use this secure packet channel to perform PTP HFS transactions with the server. Server implements the PTP Support service and the HFS service without exec functions.