hrr_rb_ssh 0.1.0

data/lib/hrr_rb_ssh/transport/encryption_algorithm/aes_128_cbc.rb

@@ -0,0 +1,73 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'openssl'
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class EncryptionAlgorithm
+      name_list = [
+        'aes128-cbc'
+      ]
+
+      class Aes128Cbc
+        CIPHER_NAME = "AES-128-CBC"
+
+        BLOCK_SIZE  = OpenSSL::Cipher.new(CIPHER_NAME).block_size
+        IV_LENGTH   = OpenSSL::Cipher.new(CIPHER_NAME).iv_len
+        KEY_LENGTH  = OpenSSL::Cipher.new(CIPHER_NAME).key_len
+
+        def initialize iv, key
+          @logger = HrrRbSsh::Logger.new self.class.name
+
+          @encryptor = OpenSSL::Cipher.new(CIPHER_NAME)
+          @encryptor.encrypt
+          @encryptor.padding = 0
+          @encryptor.iv  = iv
+          @encryptor.key = key
+
+          @decryptor = OpenSSL::Cipher.new(CIPHER_NAME)
+          @decryptor.decrypt
+          @decryptor.padding = 0
+          @decryptor.iv  = iv
+          @decryptor.key = key
+        end
+
+        def block_size
+          BLOCK_SIZE
+        end
+
+        def iv_length
+          IV_LENGTH
+        end
+
+        def key_length
+          KEY_LENGTH
+        end
+
+        def encrypt data
+          if data.empty?
+            data
+          else
+            @encryptor.update(data) + @encryptor.final
+          end
+        end
+
+        def decrypt data
+          if data.empty?
+            data
+          else
+            @decryptor.update(data) + @decryptor.final
+          end
+        end
+      end
+
+      @@list ||= Hash.new
+      name_list.each do |name|
+        @@list[name] = Aes128Cbc
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/encryption_algorithm/none.rb

@@ -0,0 +1,49 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class EncryptionAlgorithm
+      name_list = [
+        'none'
+      ]
+
+      class None
+        BLOCK_SIZE  = 0
+        IV_LENGTH   = 0
+        KEY_LENGTH  = 0
+
+        def initialize iv=nil, key=nil
+          @logger = HrrRbSsh::Logger.new self.class.name
+        end
+
+        def block_size
+          BLOCK_SIZE
+        end
+
+        def iv_length
+          IV_LENGTH
+        end
+
+        def key_length
+          KEY_LENGTH
+        end
+
+        def encrypt data
+          data
+        end
+
+        def decrypt data
+          data
+        end
+      end
+
+      @@list ||= Hash.new
+      name_list.each do |name|
+        @@list[name] = None
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/encryption_algorithm.rb

@@ -0,0 +1,22 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/transport/encryption_algorithm/none'
+require 'hrr_rb_ssh/transport/encryption_algorithm/aes_128_cbc'
+
+module HrrRbSsh
+  class Transport
+    class EncryptionAlgorithm
+      @@list ||= Hash.new
+
+      def self.[] key
+        @@list[key]
+      end
+
+      def self.name_list
+        @@list.keys
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb

@@ -0,0 +1,129 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/transport/data_type'
+
+module HrrRbSsh
+  class Transport
+    class KexAlgorithm
+      class DiffieHellman
+        H0_DEFINITION = [
+          ['string', 'V_C'],
+          ['string', 'V_S'],
+          ['string', 'I_C'],
+          ['string', 'I_S'],
+          ['string', 'K_S'],
+          ['mpint',  'e'],
+          ['mpint',  'f'],
+          ['mpint',  'k'],
+        ]
+
+        def initialize
+          @logger = HrrRbSsh::Logger.new self.class.name
+
+          @dh = OpenSSL::PKey::DH.new
+          if @dh.respond_to?(:set_pqg)
+            @dh.set_pqg OpenSSL::BN.new(self.class::P, 16), nil, OpenSSL::BN.new(self.class::G)
+          else
+            @dh.p = OpenSSL::BN.new(self.class::P, 16)
+            @dh.g = OpenSSL::BN.new(self.class::G)
+          end
+          @dh.generate_key!
+        end
+
+        def encode definition, payload
+          definition.map{ |data_type, field_name|
+            field_value = if payload[field_name].instance_of? ::Proc then payload[field_name].call else payload[field_name] end
+            HrrRbSsh::Transport::DataType[data_type].encode(field_value)
+          }.join
+        end
+
+        def set_e e
+          @e = e
+        end
+
+        def shared_secret
+          k = OpenSSL::BN.new(@dh.compute_key(OpenSSL::BN.new(@e)), 2).to_i
+        end
+
+        def pub_key
+          f = @dh.pub_key.to_i
+        end
+
+        def hash transport
+          e = @e
+          k = shared_secret
+          f = pub_key
+
+          h0_payload = {
+            'V_C' => transport.v_c,
+            'V_S' => transport.v_s,
+            'I_C' => transport.i_c,
+            'I_S' => transport.i_s,
+            'K_S' => transport.server_host_key_algorithm.server_public_host_key,
+            'e'   => e,
+            'f'   => f,
+            'k'   => k,
+          }
+          h0 = encode H0_DEFINITION, h0_payload
+
+          h = OpenSSL::Digest.digest self.class::DIGEST, h0
+
+          h
+        end
+
+        def sign transport
+          h = hash transport
+          s = transport.server_host_key_algorithm.sign self.class::DIGEST, h
+
+          s
+        end
+
+        def build_key(_k, h, _x, session_id, key_length)
+          k = HrrRbSsh::Transport::DataType::Mpint.encode _k
+          x = HrrRbSsh::Transport::DataType::Byte.encode _x
+
+          key = OpenSSL::Digest.digest(self.class::DIGEST, k + h + x + session_id)
+
+          while key.length < key_length
+            key = key + OpenSSL::Digest.digest(self.class::DIGEST, k + h + key )
+          end
+
+          key[0, key_length]
+        end
+
+        def iv_c_to_s transport, encryption_algorithm_c_to_s_name
+          key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::IV_LENGTH
+          build_key(shared_secret, hash(transport), 'A'.ord, transport.session_id, key_length)
+        end
+
+        def iv_s_to_c transport, encryption_algorithm_s_to_c_name
+          key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::IV_LENGTH
+          build_key(shared_secret, hash(transport), 'B'.ord, transport.session_id, key_length)
+        end
+
+        def key_c_to_s transport, encryption_algorithm_c_to_s_name
+          key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'C'.ord, transport.session_id, key_length)
+        end
+
+        def key_s_to_c transport, encryption_algorithm_s_to_c_name
+          key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'D'.ord, transport.session_id, key_length)
+        end
+
+        def mac_c_to_s transport, mac_algorithm_c_to_s_name
+          key_length = HrrRbSsh::Transport::MacAlgorithm[mac_algorithm_c_to_s_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'E'.ord, transport.session_id, key_length)
+        end
+
+        def mac_s_to_c transport, mac_algorithm_s_to_c_name
+          key_length = HrrRbSsh::Transport::MacAlgorithm[mac_algorithm_s_to_c_name]::KEY_LENGTH
+          build_key(shared_secret, hash(transport), 'F'.ord, transport.session_id, key_length)
+        end
+
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group14_sha1.rb

@@ -0,0 +1,42 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman'
+
+module HrrRbSsh
+  class Transport
+    class KexAlgorithm
+      name_list = [
+        'diffie-hellman-group14-sha1'
+      ]
+
+      class DiffieHellmanGroup14Sha1 < DiffieHellman
+        P = \
+          "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" \
+          "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" \
+          "020BBEA6" "3B139B22" "514A0879" "8E3404DD" \
+          "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" \
+          "4FE1356D" "6D51C245" "E485B576" "625E7EC6" \
+          "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" \
+          "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" \
+          "49286651" "ECE45B3D" "C2007CB8" "A163BF05" \
+          "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" \
+          "83655D23" "DCA3AD96" "1C62F356" "208552BB" \
+          "9ED52907" "7096966D" "670C354E" "4ABC9804" \
+          "F1746C08" "CA18217C" "32905E46" "2E36CE3B" \
+          "E39E772C" "180E8603" "9B2783A2" "EC07A28F" \
+          "B5C55DF0" "6F4C52C9" "DE2BCBF6" "95581718" \
+          "3995497C" "EA956AE5" "15D22618" "98FA0510" \
+          "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF"
+        G = 2
+
+        DIGEST = 'sha1'
+      end
+
+      @@list ||= Hash.new
+      name_list.each do |name|
+        @@list[name] = DiffieHellmanGroup14Sha1
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group1_sha1.rb

@@ -0,0 +1,34 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman'
+
+module HrrRbSsh
+  class Transport
+    class KexAlgorithm
+      name_list = [
+        'diffie-hellman-group1-sha1'
+      ]
+
+      class DiffieHellmanGroup1Sha1 < DiffieHellman
+        P = \
+          "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" \
+          "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" \
+          "020BBEA6" "3B139B22" "514A0879" "8E3404DD" \
+          "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" \
+          "4FE1356D" "6D51C245" "E485B576" "625E7EC6" \
+          "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" \
+          "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" \
+          "49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"
+        G = 2
+
+        DIGEST = 'sha1'
+      end
+
+      @@list ||= Hash.new
+      name_list.each do |name|
+        @@list[name] = DiffieHellmanGroup1Sha1
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/kex_algorithm.rb

@@ -0,0 +1,22 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group1_sha1'
+require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group14_sha1'
+
+module HrrRbSsh
+  class Transport
+    class KexAlgorithm
+      @@list ||= Hash.new
+
+      def self.[] key
+        @@list[key]
+      end
+
+      def self.name_list
+        @@list.keys
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/mac_algorithm/hmac_sha1.rb

@@ -0,0 +1,45 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class MacAlgorithm
+      name_list = [
+        'hmac-sha1'
+      ]
+
+      class HmacSha1
+        DIGEST = 'sha1'
+
+        DIGEST_LENGTH = 20
+        KEY_LENGTH    = 20
+
+        def initialize key
+          @logger = HrrRbSsh::Logger.new self.class.name
+
+          @key = key
+        end
+
+        def compute sequence_number, unencrypted_packet
+          data = HrrRbSsh::Transport::DataType::Uint32.encode(sequence_number) + unencrypted_packet
+          OpenSSL::HMAC.digest DIGEST, @key, data
+        end
+
+        def digest_length
+          DIGEST_LENGTH
+        end
+
+        def key_length
+          KEY_LENGTH
+        end
+      end
+
+      @@list ||= Hash.new
+      name_list.each do |name|
+        @@list[name] = HmacSha1
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/mac_algorithm/none.rb

@@ -0,0 +1,40 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class MacAlgorithm
+      name_list = [
+        'none'
+      ]
+
+      class None
+        DIGEST_LENGTH = 0
+        KEY_LENGTH    = 0
+
+        def initialize key=nil
+          @logger = HrrRbSsh::Logger.new self.class.name
+        end
+
+        def compute sequence_number, unencrypted_packet
+          String.new
+        end
+
+        def digest_length
+          DIGEST_LENGTH
+        end
+
+        def key_length
+          KEY_LENGTH
+        end
+      end
+
+      @@list ||= Hash.new
+      name_list.each do |name|
+        @@list[name] = None
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/mac_algorithm.rb

@@ -0,0 +1,22 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/transport/mac_algorithm/none'
+require 'hrr_rb_ssh/transport/mac_algorithm/hmac_sha1'
+
+module HrrRbSsh
+  class Transport
+    class MacAlgorithm
+      @@list ||= Hash.new
+
+      def self.[] key
+        @@list[key]
+      end
+
+      def self.name_list
+        @@list.keys
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/mode.rb

@@ -0,0 +1,11 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+module HrrRbSsh
+  class Transport
+    module Mode
+      SERVER = :server
+      CLIENT = :client
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/receiver.rb

@@ -0,0 +1,75 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+#require 'hrr_rb_ssh/transport/packet'
+
+module HrrRbSsh
+  class Transport
+    class Receiver
+      def initialize
+        @logger = HrrRbSsh::Logger.new self.class.name
+      end
+
+      def depacketize transport, packet
+        packet_length_field_length  = 4
+        padding_length_field_length = 1
+
+        packet_length           = packet[0,4].unpack("N")[0]
+        padding_length          = packet[4,1].unpack("C")[0]
+        deflated_payload_length = packet_length - padding_length_field_length - padding_length
+        deflated_payload        = packet[packet_length_field_length + padding_length_field_length, deflated_payload_length]
+        payload                 = transport.incoming_compression_algorithm.inflate deflated_payload
+
+        payload
+      end
+
+      def receive_packet transport
+        packet_length_field_length  = 4
+        minimum_block_size          = 8
+
+        block_size                 = [transport.incoming_encryption_algorithm.block_size, minimum_block_size].max
+        initial_encrypted_packet   = transport.io.read block_size
+        if (initial_encrypted_packet == nil) || (initial_encrypted_packet.length != block_size)
+          @logger.warn("IO is EOF")
+          raise EOFError
+        end
+        initial_unencrypted_packet = transport.incoming_encryption_algorithm.decrypt initial_encrypted_packet
+        packet_length              = initial_unencrypted_packet[0,4].unpack("N")[0]
+        last_packet_length         = packet_length_field_length + packet_length - block_size
+        last_encrypted_packet      = transport.io.read last_packet_length
+        if (last_encrypted_packet == nil) || (last_encrypted_packet.length != last_packet_length)
+          @logger.warn("IO is EOF")
+          raise EOFError
+        end
+        last_unencrypted_packet    = transport.incoming_encryption_algorithm.decrypt last_encrypted_packet
+        encrypted_packet           = initial_encrypted_packet + last_encrypted_packet
+        unencrypted_packet         = initial_unencrypted_packet + last_unencrypted_packet
+
+        unencrypted_packet
+      end
+
+      def receive_mac transport
+        mac_length = transport.incoming_mac_algorithm.digest_length
+        mac = transport.io.read mac_length
+        if (mac == nil) || (mac.length != mac_length)
+          @logger.warn("IO is EOF")
+          raise EOFError
+        end
+        mac
+      end
+
+      def receive transport
+        unencrypted_packet = receive_packet transport
+        payload            = depacketize transport, unencrypted_packet
+        mac                = receive_mac transport
+
+        raise if mac != transport.incoming_mac_algorithm.compute( transport.incoming_sequence_number.sequence_number, unencrypted_packet )
+
+        transport.incoming_sequence_number.increment
+
+        payload
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/sender.rb

@@ -0,0 +1,57 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class Sender
+      def initialize
+        @logger = HrrRbSsh::Logger.new self.class.name
+      end
+
+      def packetize transport, payload
+        packet_length_field_length  = 4
+        padding_length_field_length = 1
+        minimum_padding_length      = 4
+        minimum_block_size          = 8
+
+        block_size       = [transport.outgoing_encryption_algorithm.block_size, minimum_block_size].max
+        deflated_payload = transport.outgoing_compression_algorithm.deflate payload
+        tmp_total_length = packet_length_field_length + padding_length_field_length + deflated_payload.length + minimum_padding_length
+        total_length     = tmp_total_length + (block_size - (tmp_total_length % block_size))
+        packet_length    = total_length - packet_length_field_length
+        padding_length   = packet_length - padding_length_field_length - deflated_payload.length
+        padding          = OpenSSL::Random.random_bytes( padding_length )
+        packet           = [packet_length, padding_length].pack("NC") + deflated_payload + padding
+
+        packet
+      end
+
+      def encrypt transport, packet
+        encrypted_packet = transport.outgoing_encryption_algorithm.encrypt packet
+
+        encrypted_packet
+      end
+
+      def send_packet transport, packet
+        encrypted_packet = encrypt transport, packet
+        transport.io.write encrypted_packet
+      end
+
+      def send_mac transport, packet
+        mac = transport.outgoing_mac_algorithm.compute transport.outgoing_sequence_number.sequence_number, packet
+        transport.io.write mac
+      end
+
+      def send transport, payload
+        packet = packetize transport, payload
+
+        send_packet transport, packet
+        send_mac    transport, packet
+
+        transport.outgoing_sequence_number.increment
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/transport/sequence_number.rb

@@ -0,0 +1,22 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+
+module HrrRbSsh
+  class Transport
+    class SequenceNumber
+      attr_reader :sequence_number
+
+      def initialize
+        @sequence_number = 0
+
+        @logger = HrrRbSsh::Logger.new self.class.name
+      end
+
+      def increment
+        @sequence_number = (@sequence_number + 1) % 0x1_0000_0000
+      end
+    end
+  end
+end