hrr_rb_ssh 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/demo/server.rb +10 -2
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +24 -24
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +19 -19
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +7 -7
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +7 -7
- data/lib/hrr_rb_ssh/authentication.rb +6 -6
- data/lib/hrr_rb_ssh/codable.rb +7 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +102 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +26 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +29 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +2 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +6 -6
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +4 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +42 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type.rb +1 -0
- data/lib/hrr_rb_ssh/connection/channel.rb +50 -63
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +29 -9
- data/lib/hrr_rb_ssh/connection.rb +22 -27
- data/lib/hrr_rb_ssh/message/001_ssh_msg_disconnect.rb +4 -4
- data/lib/hrr_rb_ssh/message/002_ssh_msg_ignore.rb +2 -2
- data/lib/hrr_rb_ssh/message/003_ssh_msg_unimplemented.rb +2 -2
- data/lib/hrr_rb_ssh/message/004_ssh_msg_debug.rb +4 -4
- data/lib/hrr_rb_ssh/message/005_ssh_msg_service_request.rb +2 -2
- data/lib/hrr_rb_ssh/message/006_ssh_msg_service_accept.rb +2 -2
- data/lib/hrr_rb_ssh/message/020_ssh_msg_kexinit.rb +29 -29
- data/lib/hrr_rb_ssh/message/021_ssh_msg_newkeys.rb +1 -1
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kex_dh_gex_request_old.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexdh_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexecdh_init.rb +24 -0
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group.rb +3 -3
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexdh_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply.rb +26 -0
- data/lib/hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request.rb +4 -4
- data/lib/hrr_rb_ssh/message/050_ssh_msg_userauth_request.rb +17 -17
- data/lib/hrr_rb_ssh/message/051_ssh_msg_userauth_failure.rb +3 -3
- data/lib/hrr_rb_ssh/message/052_ssh_msg_userauth_success.rb +1 -1
- data/lib/hrr_rb_ssh/message/060_ssh_msg_userauth_pk_ok.rb +3 -3
- data/lib/hrr_rb_ssh/message/080_ssh_msg_global_request.rb +12 -12
- data/lib/hrr_rb_ssh/message/081_ssh_msg_request_success.rb +5 -5
- data/lib/hrr_rb_ssh/message/082_ssh_msg_request_failure.rb +1 -1
- data/lib/hrr_rb_ssh/message/090_ssh_msg_channel_open.rb +24 -24
- data/lib/hrr_rb_ssh/message/091_ssh_msg_channel_open_confirmation.rb +14 -24
- data/lib/hrr_rb_ssh/message/092_ssh_msg_channel_open_failure.rb +5 -5
- data/lib/hrr_rb_ssh/message/093_ssh_msg_channel_window_adjust.rb +3 -3
- data/lib/hrr_rb_ssh/message/094_ssh_msg_channel_data.rb +3 -3
- data/lib/hrr_rb_ssh/message/095_ssh_msg_channel_extended_data.rb +4 -4
- data/lib/hrr_rb_ssh/message/096_ssh_msg_channel_eof.rb +2 -2
- data/lib/hrr_rb_ssh/message/097_ssh_msg_channel_close.rb +2 -2
- data/lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb +51 -51
- data/lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb +2 -2
- data/lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb +2 -2
- data/lib/hrr_rb_ssh/message.rb +2 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman/h0.rb +8 -8
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +24 -24
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0.rb +29 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +132 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +79 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +80 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +81 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +9 -9
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +6 -6
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport.rb +30 -30
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +39 -4
- data/lib/hrr_rb_ssh/connection/channel/proc_chain/chain_context.rb +0 -22
- data/lib/hrr_rb_ssh/connection/channel/proc_chain.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4ef9c8b694642b51f6b8cf1533da4243a688b3a5627f2e95a46903a882d3df00
|
4
|
+
data.tar.gz: ccfba489514d746b7b973ce6ed6551e84f34c3a7067891970d8401f944ba98e2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bf79eec5cdcddb81d3a8fa97a67e5e49664d3dc763633822c85d6355a0a3df76475172c9f06f3c571a6207483f8d616ede74a9f502929adc11ff4b8a9793e024
|
7
|
+
data.tar.gz: 3aa22c9f967259b0ac76bdc4a33b0aa6057a4c912369dfe3be48a38c6726ebd84af2c2ebefdf203527facc58159fd6c753edfd4cc09d4d5f9d24124637db670e
|
data/demo/server.rb
CHANGED
@@ -19,8 +19,8 @@ HrrRbSsh::Logger.initialize logger
|
|
19
19
|
|
20
20
|
|
21
21
|
tran_preferred_encryption_algorithms = %w(aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour)
|
22
|
-
tran_preferred_server_host_key_algorithms = %w(ssh-rsa ssh-dss)
|
23
|
-
tran_preferred_kex_algorithms = %w(diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
|
22
|
+
tran_preferred_server_host_key_algorithms = %w(ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
|
23
|
+
tran_preferred_kex_algorithms = %w(ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
|
24
24
|
tran_preferred_mac_algorithms = %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96)
|
25
25
|
tran_preferred_compression_algorithms = %w(none zlib)
|
26
26
|
|
@@ -54,11 +54,19 @@ H6OpR/EnUmBttlvcL28CGOsZIwYJtAdVsGXpIXtiPLl2eEzaM9aBsS/LGWKgQNo3
|
|
54
54
|
T6b+xuqhfiUpbc/stfdmgDc3B/ZgpFsQh5oWBoAfkL6kAEa4oQBFhqF0QM5ej6h5
|
55
55
|
wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
|
56
56
|
nQIDAQAB
|
57
|
+
-----END PUBLIC KEY-----
|
58
|
+
EOB
|
59
|
+
ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
|
60
|
+
ecdsa_sha2_nistp256_public_key = <<-'EOB'
|
61
|
+
-----BEGIN PUBLIC KEY-----
|
62
|
+
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
|
63
|
+
77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
|
57
64
|
-----END PUBLIC KEY-----
|
58
65
|
EOB
|
59
66
|
[
|
60
67
|
[dss_public_key_algorithm_name, dss_public_key],
|
61
68
|
[rsa_public_key_algorithm_name, rsa_public_key],
|
69
|
+
[ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
|
62
70
|
].any? { |public_key_algorithm_name, public_key|
|
63
71
|
context.verify username, public_key_algorithm_name, public_key
|
64
72
|
}
|
@@ -18,7 +18,7 @@ module HrrRbSsh
|
|
18
18
|
def authenticate userauth_request_message
|
19
19
|
@logger.info("authenticate")
|
20
20
|
@logger.debug("userauth request: " + userauth_request_message.inspect)
|
21
|
-
context = Context.new(userauth_request_message['user name'])
|
21
|
+
context = Context.new(userauth_request_message[:'user name'])
|
22
22
|
@authenticator.authenticate context
|
23
23
|
end
|
24
24
|
end
|
@@ -18,8 +18,8 @@ module HrrRbSsh
|
|
18
18
|
def authenticate userauth_request_message
|
19
19
|
@logger.info("authenticate")
|
20
20
|
@logger.debug("userauth request: " + userauth_request_message.inspect)
|
21
|
-
username = userauth_request_message['user name']
|
22
|
-
password = userauth_request_message['plaintext password']
|
21
|
+
username = userauth_request_message[:'user name']
|
22
|
+
password = userauth_request_message[:'plaintext password']
|
23
23
|
context = Context.new(username, password)
|
24
24
|
@authenticator.authenticate context
|
25
25
|
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp256
|
13
|
+
module EcdsaSignatureBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::Mpint, :'r'],
|
19
|
+
[DataType::Mpint, :'s'],
|
20
|
+
]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp256
|
13
|
+
module PublicKeyBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'public key algorithm name'],
|
19
|
+
[DataType::String, :'[identifier]'],
|
20
|
+
[DataType::String, :'Q'],
|
21
|
+
]
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp256
|
13
|
+
module Signature
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'public key algorithm name'],
|
19
|
+
[DataType::String, :'signature blob'],
|
20
|
+
]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp256
|
13
|
+
module SignatureBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'session identifier'],
|
19
|
+
[DataType::Byte, :'message number'],
|
20
|
+
[DataType::String, :'user name'],
|
21
|
+
[DataType::String, :'service name'],
|
22
|
+
[DataType::String, :'method name'],
|
23
|
+
[DataType::Boolean, :'with signature'],
|
24
|
+
[DataType::String, :'public key algorithm name'],
|
25
|
+
[DataType::String, :'public key blob'],
|
26
|
+
]
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,84 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
require 'hrr_rb_ssh/data_type'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp256 < Algorithm
|
13
|
+
NAME = 'ecdsa-sha2-nistp256'
|
14
|
+
PREFERENCE = 30
|
15
|
+
DIGEST = 'sha256'
|
16
|
+
IDENTIFIER = 'nistp256'
|
17
|
+
CURVE_NAME = 'prime256v1'
|
18
|
+
|
19
|
+
def initialize
|
20
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
21
|
+
end
|
22
|
+
|
23
|
+
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
24
|
+
public_key = case public_key
|
25
|
+
when String
|
26
|
+
OpenSSL::PKey::EC.new(public_key)
|
27
|
+
when OpenSSL::PKey::EC
|
28
|
+
public_key
|
29
|
+
else
|
30
|
+
return false
|
31
|
+
end
|
32
|
+
public_key_message = {
|
33
|
+
:'public key algorithm name' => public_key_algorithm_name,
|
34
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
35
|
+
:'Q' => public_key.public_key.to_bn.to_s(2)
|
36
|
+
}
|
37
|
+
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
38
|
+
end
|
39
|
+
|
40
|
+
def verify_signature session_id, message
|
41
|
+
signature_message = Signature.decode message[:'signature']
|
42
|
+
signature_algorithm = signature_message[:'public key algorithm name']
|
43
|
+
signature_blob = signature_message[:'signature blob']
|
44
|
+
|
45
|
+
public_key = PublicKeyBlob.decode message[:'public key blob']
|
46
|
+
algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
47
|
+
algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
|
48
|
+
|
49
|
+
data_message = {
|
50
|
+
:'session identifier' => session_id,
|
51
|
+
:'message number' => message[:'message number'],
|
52
|
+
:'user name' => message[:'user name'],
|
53
|
+
:'service name' => message[:'service name'],
|
54
|
+
:'method name' => message[:'method name'],
|
55
|
+
:'with signature' => message[:'with signature'],
|
56
|
+
:'public key algorithm name' => message[:'public key algorithm name'],
|
57
|
+
:'public key blob' => message[:'public key blob'],
|
58
|
+
}
|
59
|
+
data_blob = SignatureBlob.encode data_message
|
60
|
+
|
61
|
+
hash = OpenSSL::Digest.digest(DIGEST, data_blob)
|
62
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
|
63
|
+
sign_r = ecdsa_signature_blob[:'r']
|
64
|
+
sign_s = ecdsa_signature_blob[:'s']
|
65
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
66
|
+
[
|
67
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
|
68
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
|
69
|
+
]
|
70
|
+
)
|
71
|
+
sign_der = sign_asn1.to_der
|
72
|
+
(signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob'
|
82
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob'
|
83
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature'
|
84
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp384
|
13
|
+
module EcdsaSignatureBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::Mpint, :'r'],
|
19
|
+
[DataType::Mpint, :'s'],
|
20
|
+
]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp384
|
13
|
+
module PublicKeyBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'public key algorithm name'],
|
19
|
+
[DataType::String, :'[identifier]'],
|
20
|
+
[DataType::String, :'Q'],
|
21
|
+
]
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp384
|
13
|
+
module Signature
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'public key algorithm name'],
|
19
|
+
[DataType::String, :'signature blob'],
|
20
|
+
]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp384
|
13
|
+
module SignatureBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'session identifier'],
|
19
|
+
[DataType::Byte, :'message number'],
|
20
|
+
[DataType::String, :'user name'],
|
21
|
+
[DataType::String, :'service name'],
|
22
|
+
[DataType::String, :'method name'],
|
23
|
+
[DataType::Boolean, :'with signature'],
|
24
|
+
[DataType::String, :'public key algorithm name'],
|
25
|
+
[DataType::String, :'public key blob'],
|
26
|
+
]
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,84 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
require 'hrr_rb_ssh/data_type'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp384 < Algorithm
|
13
|
+
NAME = 'ecdsa-sha2-nistp384'
|
14
|
+
PREFERENCE = 40
|
15
|
+
DIGEST = 'sha384'
|
16
|
+
IDENTIFIER = 'nistp384'
|
17
|
+
CURVE_NAME = 'secp384r1'
|
18
|
+
|
19
|
+
def initialize
|
20
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
21
|
+
end
|
22
|
+
|
23
|
+
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
24
|
+
public_key = case public_key
|
25
|
+
when String
|
26
|
+
OpenSSL::PKey::EC.new(public_key)
|
27
|
+
when OpenSSL::PKey::EC
|
28
|
+
public_key
|
29
|
+
else
|
30
|
+
return false
|
31
|
+
end
|
32
|
+
public_key_message = {
|
33
|
+
:'public key algorithm name' => public_key_algorithm_name,
|
34
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
35
|
+
:'Q' => public_key.public_key.to_bn.to_s(2)
|
36
|
+
}
|
37
|
+
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
38
|
+
end
|
39
|
+
|
40
|
+
def verify_signature session_id, message
|
41
|
+
signature_message = Signature.decode message[:'signature']
|
42
|
+
signature_algorithm = signature_message[:'public key algorithm name']
|
43
|
+
signature_blob = signature_message[:'signature blob']
|
44
|
+
|
45
|
+
public_key = PublicKeyBlob.decode message[:'public key blob']
|
46
|
+
algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
47
|
+
algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
|
48
|
+
|
49
|
+
data_message = {
|
50
|
+
:'session identifier' => session_id,
|
51
|
+
:'message number' => message[:'message number'],
|
52
|
+
:'user name' => message[:'user name'],
|
53
|
+
:'service name' => message[:'service name'],
|
54
|
+
:'method name' => message[:'method name'],
|
55
|
+
:'with signature' => message[:'with signature'],
|
56
|
+
:'public key algorithm name' => message[:'public key algorithm name'],
|
57
|
+
:'public key blob' => message[:'public key blob'],
|
58
|
+
}
|
59
|
+
data_blob = SignatureBlob.encode data_message
|
60
|
+
|
61
|
+
hash = OpenSSL::Digest.digest(DIGEST, data_blob)
|
62
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
|
63
|
+
sign_r = ecdsa_signature_blob[:'r']
|
64
|
+
sign_s = ecdsa_signature_blob[:'s']
|
65
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
66
|
+
[
|
67
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
|
68
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
|
69
|
+
]
|
70
|
+
)
|
71
|
+
sign_der = sign_asn1.to_der
|
72
|
+
(signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob'
|
82
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob'
|
83
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature'
|
84
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp521
|
13
|
+
module EcdsaSignatureBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::Mpint, :'r'],
|
19
|
+
[DataType::Mpint, :'s'],
|
20
|
+
]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp521
|
13
|
+
module PublicKeyBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'public key algorithm name'],
|
19
|
+
[DataType::String, :'[identifier]'],
|
20
|
+
[DataType::String, :'Q'],
|
21
|
+
]
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp521
|
13
|
+
module Signature
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'public key algorithm name'],
|
19
|
+
[DataType::String, :'signature blob'],
|
20
|
+
]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Authentication
|
9
|
+
class Method
|
10
|
+
class Publickey
|
11
|
+
class Algorithm
|
12
|
+
class EcdsaSha2Nistp521
|
13
|
+
module SignatureBlob
|
14
|
+
class << self
|
15
|
+
include Codable
|
16
|
+
end
|
17
|
+
DEFINITION = [
|
18
|
+
[DataType::String, :'session identifier'],
|
19
|
+
[DataType::Byte, :'message number'],
|
20
|
+
[DataType::String, :'user name'],
|
21
|
+
[DataType::String, :'service name'],
|
22
|
+
[DataType::String, :'method name'],
|
23
|
+
[DataType::Boolean, :'with signature'],
|
24
|
+
[DataType::String, :'public key algorithm name'],
|
25
|
+
[DataType::String, :'public key blob'],
|
26
|
+
]
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|