crussh 0.1.0

data/lib/crussh/kex.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Kex
+    STRICT_SERVER = "kex-strict-s-v00@openssh.com"
+    STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
+
+    EXT_INFO_SERVER = "ext-info-s"
+    EXT_INFO_CLIENT = "ext-info-c"
+
+    CURVE25519_SHA256 = "curve25519-sha256"
+    CURVE25519_SHA256_LIBSSH = "curve25519-sha256@libssh.org"
+
+    DEFAULT = [CURVE25519_SHA256, CURVE25519_SHA256_LIBSSH, STRICT_SERVER, EXT_INFO_SERVER]
+
+    REGISTRY = {
+      CURVE25519_SHA256 => Curve25519,
+      CURVE25519_SHA256_LIBSSH => Curve25519,
+    }
+
+    class << self
+      def from_name(name)
+        algorithm_class = REGISTRY[name]
+
+        raise UnknownAlgorithm, "Unknown KEX algorithm: #{name}" if algorithm_class.nil?
+
+        algorithm_class.new
+      end
+    end
+
+    Parameters = Data.define(
+      :client_id,
+      :server_id,
+      :client_kexinit,
+      :server_kexinit,
+      :server_host_key,
+      :client_public,
+      :server_public,
+      :shared_secret,
+    )
+  end
+end

data/lib/crussh/keys/key_pair.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Keys
+    class KeyPair
+      def initialize(private_key, signature_algorithm: nil)
+        @private_key = private_key
+        @signature_algorithm = signature_algorithm || default_signature_algorithm
+      end
+
+      attr_reader :signature_algorithm
+
+      def algorithm
+        @private_key.public_key.algo
+      end
+
+      def public_key_blob
+        @private_key.public_key.rfc4253
+      end
+
+      def sign(data)
+        @private_key.sign(data, algo: @signature_algorithm)
+      end
+
+      def verify(data, signature)
+        @private_key.public_key.verify(data, signature)
+      end
+
+      def public_key
+        @public_key ||= PublicKey.new(@private_key.public_key)
+      end
+
+      def fingerprint
+        public_key.fingerprint
+      end
+
+      def to_authorized_key(comment: nil)
+        public_key.to_authorized_key(comment:)
+      end
+
+      def to_openssh(passphrase: nil, comment: "")
+        @private_key.openssh(comment: comment)
+      end
+
+      private
+
+      def default_signature_algorithm
+        case @private_key
+        when SSHData::PrivateKey::ED25519
+          ED25519
+        when SSHData::PrivateKey::RSA
+          RSA_SHA512
+        when SSHData::PrivateKey::ECDSA
+          @private_key.public_key.algo
+        else
+          @private_key.public_key.algo
+        end
+      end
+    end
+  end
+end

data/lib/crussh/keys/public_key.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Keys
+    class PublicKey
+      def initialize(public_key)
+        @public_key = public_key
+      end
+
+      def algorithm
+        @public_key.algo
+      end
+
+      def encode
+        @public_key.rfc4253
+      end
+
+      def verify(data, signature)
+        @public_key.verify(data, signature)
+      rescue SSHData::VerifyError
+        false
+      end
+
+      def fingerprint
+        @public_key.fingerprint
+      end
+
+      def to_authorized_key(comment: nil)
+        parts = [@public_key.algo, Base64.strict_encode64(@public_key.encode)]
+        parts << comment if comment
+        parts.join(" ")
+      end
+    end
+  end
+end

data/lib/crussh/keys.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "ed25519"
+require "ssh_data"
+
+module Crussh
+  module Keys
+    ED25519    = "ssh-ed25519"
+    RSA_SHA256 = "rsa-sha2-256"
+    RSA_SHA512 = "rsa-sha2-512"
+    ECDSA_P256 = "ecdsa-sha2-nistp256"
+    ECDSA_P384 = "ecdsa-sha2-nistp384"
+    ECDSA_P521 = "ecdsa-sha2-nistp521"
+
+    DEFAULT = [
+      ED25519,
+      RSA_SHA512,
+      RSA_SHA256,
+    ]
+
+    class << self
+      def generate(algorithm = ED25519)
+        private_key = case algorithm
+        when ED25519
+          SSHData::PrivateKey::ED25519.generate
+        when RSA_SHA256, RSA_SHA512
+          SSHData::PrivateKey::RSA.generate
+        when ECDSA_P256
+          SSHData::PrivateKey::ECDSA.generate("nistp256")
+        when ECDSA_P384
+          SSHData::PrivateKey::ECDSA.generate("nistp384")
+        when ECDSA_P521
+          SSHData::PrivateKey::ECDSA.generate("nistp521")
+        else
+          raise KeyError, "Unknown algorithm: #{algorithm}"
+        end
+
+        KeyPair.new(private_key, signature_algorithm: algorithm)
+      end
+
+      def from_openssh(data, passphrase: nil)
+        private_key = SSHData::PrivateKey.parse_openssh(data, passphrase:)
+        KeyPair.new(private_key)
+      rescue SSHData::DecryptError
+        raise KeyError, "Invalid passphrase or corrupted key"
+      rescue SSHData::DecodeError => e
+        raise KeyError, "Failed to parse key: #{e.message}"
+      end
+
+      def from_file(path, passphrase: nil)
+        from_openssh(File.read(path), passphrase:)
+      end
+
+      def parse_public_blob(data)
+        public_key = SSHData::PublicKey.parse(data)
+
+        PublicKey.new(public_key)
+      rescue SSHData::DecodeError => e
+        raise KeyError, "Failed to parse public key: #{e.message}"
+      end
+
+      def parse_authorized_key(data)
+        public_key = SSHData::PublicKey.parse_openssh(data)
+        PublicKey.new(public_key)
+      rescue SSHData::DecodeError => e
+        raise KeyError, "Failed to parse public key: #{e.message}"
+      end
+    end
+  end
+end

data/lib/crussh/limits.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Crussh
+  # Thresholds for when to perform key re-exchange.
+  # Rekeying is important for long-lived connections to limit
+  # the amount of data encrypted under a single key.
+  class Limits
+    ONE_GB = 1 << 30
+    ONE_HOUR = 3600
+
+    attr_accessor :rekey_write_limit,
+      :rekey_read_limit,
+      :rekey_time_limit
+
+    # defaults from
+    # https://datatracker.ietf.org/doc/html/rfc4253#section-9
+    def initialize(
+      rekey_write_limit: ONE_GB,
+      rekey_read_limit: ONE_GB,
+      rekey_time_limit: ONE_HOUR
+    )
+      @rekey_write_limit = rekey_write_limit
+      @rekey_read_limit = rekey_read_limit
+      @rekey_time_limit = rekey_time_limit
+    end
+
+    def over?(read:, written:, time:)
+      over_read?(read) || over_write?(written) || over_time?(time)
+    end
+
+    private
+
+    def over_read?(read)
+      read >= rekey_read_limit
+    end
+
+    def over_write?(written)
+      written >= rekey_write_limit
+    end
+
+    def over_time?(time)
+      (Time.now - time) >= rekey_time_limit
+    end
+  end
+end

data/lib/crussh/logger.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Logger
+    class Filter
+      DEFAULT_FILTERED_KEYS = [
+        :password,
+        :passphrase,
+        :private_key,
+        :secret,
+        :key_blob,
+        :signature,
+        :shared_secret,
+        :session_id,
+        :mac_key,
+        :encryption_key,
+        :iv,
+        :nonce,
+        :token,
+        :credential,
+      ].freeze
+
+      FILTERED = "[FILTERED]"
+      BINARY_PREVIEW_BYTES = 4
+
+      def initialize(keys: DEFAULT_FILTERED_KEYS)
+        @keys = keys.map(&:to_s)
+      end
+
+      def apply(value, key: nil)
+        return FILTERED if key && filter_key?(key)
+
+        case value
+        when Hash
+          value.to_h { |k, v| [k, apply(v, key: k)] }
+        when Array
+          value.map { |v| apply(v) }
+        when String
+          binary?(value) ? format_binary(value) : value
+        else
+          value
+        end
+      end
+
+      private
+
+      def filter_key?(key)
+        key_s = key.to_s.downcase
+        @keys.any? { |filtered| key_s.include?(filtered) }
+      end
+
+      def binary?(value)
+        return false if value.empty?
+        return false if value.valid_encoding? && value.match?(/\A[[:print:]\s]*\z/)
+
+        true
+      end
+
+      def format_binary(value)
+        preview = value.bytes.first(BINARY_PREVIEW_BYTES)
+          .map { |b| format("%02x", b) }
+          .join
+        "<#{value.bytesize} bytes: 0x#{preview}...>"
+      end
+    end
+
+    class << self
+      attr_writer :filter
+
+      def filter
+        @filter ||= Filter.new
+      end
+
+      def debug(subject, message = nil, *args, **params)
+        Console.debug(subject, message, *args, **filter.apply(params))
+      end
+
+      def info(subject, message = nil, *args, **params)
+        Console.info(subject, message, *args, **filter.apply(params))
+      end
+
+      def warn(subject, message = nil, *args, **params)
+        Console.warn(subject, message, *args, **filter.apply(params))
+      end
+
+      def error(subject, message = nil, *args, **params)
+        Console.error(subject, message, *args, **filter.apply(params))
+      end
+
+      def fatal(subject, message = nil, *args, **params)
+        Console.fatal(subject, message, *args, **filter.apply(params))
+      end
+    end
+  end
+end

data/lib/crussh/mac/algorithm.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Mac
+    class Algorithm
+      def initialize(key)
+        @key = key
+      end
+
+      def key_length = 0
+      def mac_length = 0
+      def etm? = false
+
+      def compute(sequence, data)
+        raise NotImplementedError
+      end
+
+      def verify?(sequence, data, mac)
+        true
+      end
+    end
+  end
+end

data/lib/crussh/mac/crypto.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Mac
+    class HmacShaAlgorithm < Algorithm
+      def initialize(key)
+        super
+
+        @key = key
+      end
+
+      def compute(sequence, data)
+        OpenSSL::HMAC.digest(digest_name, @key, [sequence].pack("N") + data)
+      end
+
+      def verify?(sequence, data, mac)
+        expected = OpenSSL::HMAC.digest(digest_name, @key, [sequence].pack("N") + data)
+        OpenSSL.secure_compare(expected, mac)
+      end
+
+      private
+
+      def digest_name
+        raise NotImplementedError
+      end
+    end
+
+    class HmacSha1 < HmacShaAlgorithm
+      NAME = "hmac-sha1"
+
+      def key_length = 20
+      def mac_length = 20
+      def digest_name = "SHA1"
+    end
+
+    class HmacSha256 < HmacShaAlgorithm
+      def key_length = 32
+      def mac_length = 32
+      def digest_name = "SHA256"
+    end
+
+    class HmacSha256Etm < HmacSha256
+      def etm? = true
+    end
+
+    class HmacSha512 < HmacShaAlgorithm
+      NAME = "hmac-sha2-512"
+
+      def key_length = 64
+      def mac_length = 64
+      def digest_name = "SHA512"
+    end
+
+    class HmacSha512Etm < HmacSha512
+      NAME = "hmac-sha2-512-etm@openssh.com"
+
+      def etm? = true
+    end
+  end
+end

data/lib/crussh/mac/none.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Mac
+    class None < Algorithm
+      def compute(sequence, data) = nil
+    end
+  end
+end

data/lib/crussh/mac.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Mac
+    HMAC_SHA256 = "hmac-sha2-256"
+    HMAC_SHA256_ETM = "hmac-sha2-256-etm@openssh.com"
+    HMAC_SHA512     = "hmac-sha2-512"
+    HMAC_SHA512_ETM = "hmac-sha2-512-etm@openssh.com"
+    NONE            = "none"
+
+    DEFAULT = [
+      HMAC_SHA512_ETM,
+      HMAC_SHA256_ETM,
+    ].freeze
+
+    REGISTRY = {}
+
+    class << self
+      def from_name(name, key)
+        algorithm_class = REGISTRY[name]
+
+        raise UnknownAlgorithm, "Unknown MAC algorithm: #{name}" if algorithm_class.nil?
+
+        algorithm_class.new(key)
+      end
+    end
+  end
+end

data/lib/crussh/negotiator.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Crussh
+  class Negotiator
+    def initialize(client_kexinit, server_kexinit)
+      @client_kexinit = client_kexinit
+      @server_kexinit = server_kexinit
+    end
+
+    def negotiate
+      Algorithms.new(
+        kex: pick!(:kex_algorithms),
+        host_key: pick!(:server_host_key_algorithms),
+        cipher_client_to_server: pick!(:cipher_client_to_server),
+        cipher_server_to_client: pick!(:cipher_server_to_client),
+        mac_client_to_server: pick(:mac_client_to_server),
+        mac_server_to_client: pick(:mac_server_to_client),
+        compression_client_to_server: pick!(:compression_client_to_server),
+        compression_server_to_client: pick!(:compression_server_to_client),
+      )
+    end
+
+    private
+
+    def pick!(category)
+      pick(category) || raise(NegotiationError, "No supported common algorithm for #{category}")
+    end
+
+    def pick(category)
+      server_list, client_list = extract_lists(category)
+
+      return if client_list.empty? || server_list.empty?
+
+      client_list.find { |algorithm| server_list.include?(algorithm) }
+    end
+
+    def extract_lists(category)
+      [@server_kexinit.send(category), @client_kexinit.send(category)]
+    end
+  end
+end

data/lib/crussh/preferred.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Crussh
+  # Algorithm preferences - ordered by preference (first = most preferred)
+  class Preferred
+    def initialize
+      @kex = Kex::DEFAULT
+      @host_key = Keys::DEFAULT
+      @cipher = Cipher::DEFAULT
+      @mac = Mac::DEFAULT
+      @compression = Compression::DEFAULT
+    end
+
+    attr_accessor :kex, :host_key, :cipher, :mac, :compression
+  end
+end

data/lib/crussh/protocol/channel_close.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelClose < Message
+      message_type CHANNEL_CLOSE
+
+      field :recipient_channel, :uint32
+    end
+  end
+end

data/lib/crussh/protocol/channel_data.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelData < Message
+      message_type CHANNEL_DATA
+
+      field :recipient_channel, :uint32
+      field :data, :string
+    end
+  end
+end

data/lib/crussh/protocol/channel_eof.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelEof < Message
+      message_type CHANNEL_EOF
+
+      field :recipient_channel, :uint32
+    end
+  end
+end

data/lib/crussh/protocol/channel_extended_data.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelExtendedData < Message
+      message_type CHANNEL_EXTENDED_DATA
+
+      field :recipient_channel, :uint32
+      field :data_type_code, :uint32
+      field :data, :string
+    end
+  end
+end

data/lib/crussh/protocol/channel_failure.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelFailure < Message
+      message_type CHANNEL_FAILURE
+
+      field :recipient_channel, :uint32
+    end
+  end
+end

data/lib/crussh/protocol/channel_open.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelOpen < Message
+      message_type CHANNEL_OPEN
+
+      field :channel_type, :string
+      field :sender_channel, :uint32
+      field :initial_window_size, :uint32
+      field :maximum_packet_size, :uint32
+      field :channel_data, :remaining
+
+      def x11?
+        channel_type == "x11"
+      end
+
+      def forwarded_tcpip?
+        channel_type == "forwarded-tcpip"
+      end
+
+      def direct_tcpip?
+        channel_type == "direct-tcpip"
+      end
+
+      def x11
+        return @x11 if @x11
+        return unless x11?
+
+        reader = Transport::Reader.new(channel_data)
+
+        originator_address = reader.string
+        originator_port = reader.uint32
+
+        @x11 = X11.new(originator_address:, originator_port:)
+      end
+      X11 = Data.define(:originator_address, :originator_port)
+
+      def forwarded_tcpip
+        return @forwarded_tcpip if @forwarded_tcpip
+        return unless forwarded_tcpip?
+
+        reader = Transport::Reader.new(channel_data)
+
+        address = reader.string
+        port = reader.uint32
+        originator_address = reader.string
+        originator_port = reader.uint32
+
+        @forwarded_tcpip = Tcpip.new(address:, port:, originator_address:, originator_port:)
+      end
+      Tcpip = Data.define(:address, :port, :originator_address, :originator_port)
+
+      def direct_tcpip
+        return @direct_tcpip if @direct_tcpip
+        return unless direct_tcpip?
+
+        reader = Transport::Reader.new(channel_data)
+
+        address = reader.string
+        port = reader.uint32
+        originator_address = reader.string
+        originator_port = reader.uint32
+
+        @direct_tcpip = Tcpip.new(address:, port:, originator_address:, originator_port:)
+      end
+    end
+  end
+end

data/lib/crussh/protocol/channel_open_confirmation.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelOpenConfirmation < Message
+      message_type CHANNEL_OPEN_CONFIRMATION
+
+      field :recipient_channel, :uint32
+      field :sender_channel, :uint32
+      field :initial_window_size, :uint32
+      field :maximum_packet_size, :uint32
+      field :channel_data, :remaining, default: ""
+    end
+  end
+end

data/lib/crussh/protocol/channel_open_failure.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Crussh
+  module Protocol
+    class ChannelOpenFailure < Message
+      message_type CHANNEL_OPEN_FAILURE
+
+      field :recipient_channel, :uint32
+      field :reason_code, :uint32
+      field :description, :string
+      field :language, :string, default: ""
+    end
+  end
+end