RubyGems - hrr_rb_ssh - Versions diffs - 0.1.4 → 0.1.5 - Mend

hrr_rb_ssh 0.1.4 → 0.1.5

Files changed (115) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d27094a810417b60ee82692a67b937152a9840bd3612fd333d3ff78b8babdc8
-  data.tar.gz: 81a4410d0e71dd441d67c4e591b2007b024c0f447bf37d9ce6cca012e4e1205f
+  metadata.gz: 4ef9c8b694642b51f6b8cf1533da4243a688b3a5627f2e95a46903a882d3df00
+  data.tar.gz: ccfba489514d746b7b973ce6ed6551e84f34c3a7067891970d8401f944ba98e2
 SHA512:
-  metadata.gz: 40f52780040a121411281d571b486e3d0f4cc4a8f90d15c5ed996ad52dbcfa39fc42fcaa868a9effb0f3b2fabde4a1cc9140c873532607fcbcfa2e03d8e51bf9
-  data.tar.gz: 219acc3467eeb26a34534e29c1a85c9fb8945874ec4019549cbf7ba14235839f959f15c109117c973d7a1b8b0fd4ff6709c08dff2d156fb7c15f86005a12f34e
+  metadata.gz: bf79eec5cdcddb81d3a8fa97a67e5e49664d3dc763633822c85d6355a0a3df76475172c9f06f3c571a6207483f8d616ede74a9f502929adc11ff4b8a9793e024
+  data.tar.gz: 3aa22c9f967259b0ac76bdc4a33b0aa6057a4c912369dfe3be48a38c6726ebd84af2c2ebefdf203527facc58159fd6c753edfd4cc09d4d5f9d24124637db670e

data/demo/server.rb CHANGED Viewed

@@ -19,8 +19,8 @@ HrrRbSsh::Logger.initialize logger
 tran_preferred_encryption_algorithms      = %w(aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour)
-tran_preferred_server_host_key_algorithms = %w(ssh-rsa ssh-dss)
-tran_preferred_kex_algorithms             = %w(diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
+tran_preferred_server_host_key_algorithms = %w(ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
+tran_preferred_kex_algorithms             = %w(ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
 tran_preferred_mac_algorithms             = %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96)
 tran_preferred_compression_algorithms     = %w(none zlib)
@@ -54,11 +54,19 @@ H6OpR/EnUmBttlvcL28CGOsZIwYJtAdVsGXpIXtiPLl2eEzaM9aBsS/LGWKgQNo3
 T6b+xuqhfiUpbc/stfdmgDc3B/ZgpFsQh5oWBoAfkL6kAEa4oQBFhqF0QM5ej6h5
 wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
 nQIDAQAB
+-----END PUBLIC KEY-----
+  EOB
+  ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
+  ecdsa_sha2_nistp256_public_key = <<-'EOB'
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
+77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
 -----END PUBLIC KEY-----
   EOB
   [
     [dss_public_key_algorithm_name, dss_public_key],
     [rsa_public_key_algorithm_name, rsa_public_key],
+    [ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
   ].any? { |public_key_algorithm_name, public_key|
     context.verify username, public_key_algorithm_name, public_key
   }

data/lib/hrr_rb_ssh/authentication/method/none.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module HrrRbSsh
         def authenticate userauth_request_message
           @logger.info("authenticate")
           @logger.debug("userauth request: " + userauth_request_message.inspect)
-          context = Context.new(userauth_request_message['user name'])
+          context = Context.new(userauth_request_message[:'user name'])
           @authenticator.authenticate context
         end
       end

data/lib/hrr_rb_ssh/authentication/method/password.rb CHANGED Viewed

@@ -18,8 +18,8 @@ module HrrRbSsh
         def authenticate userauth_request_message
           @logger.info("authenticate")
           @logger.debug("userauth request: " + userauth_request_message.inspect)
-          username = userauth_request_message['user name']
-          password = userauth_request_message['plaintext password']
+          username = userauth_request_message[:'user name']
+          password = userauth_request_message[:'plaintext password']
           context = Context.new(username, password)
           @authenticator.authenticate context
         end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module EcdsaSignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::Mpint, :'r'],
+                [DataType::Mpint, :'s'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module PublicKeyBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'[identifier]'],
+                [DataType::String, :'Q'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module Signature
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'signature blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module SignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String,  :'session identifier'],
+                [DataType::Byte,    :'message number'],
+                [DataType::String,  :'user name'],
+                [DataType::String,  :'service name'],
+                [DataType::String,  :'method name'],
+                [DataType::Boolean, :'with signature'],
+                [DataType::String,  :'public key algorithm name'],
+                [DataType::String,  :'public key blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb ADDED Viewed

@@ -0,0 +1,84 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/data_type'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256 < Algorithm
+            NAME = 'ecdsa-sha2-nistp256'
+            PREFERENCE = 30
+            DIGEST = 'sha256'
+            IDENTIFIER = 'nistp256'
+            CURVE_NAME = 'prime256v1'
+            def initialize
+              @logger = HrrRbSsh::Logger.new(self.class.name)
+            end
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::EC.new(public_key)
+                           when OpenSSL::PKey::EC
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                :'public key algorithm name' => public_key_algorithm_name,
+                :'[identifier]'              => self.class::IDENTIFIER,
+                :'Q'                         => public_key.public_key.to_bn.to_s(2)
+              }
+              public_key_blob == PublicKeyBlob.encode(public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = Signature.decode message[:'signature']
+              signature_algorithm = signature_message[:'public key algorithm name']
+              signature_blob      = signature_message[:'signature blob']
+              public_key = PublicKeyBlob.decode message[:'public key blob']
+              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
+              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
+              data_message = {
+                :'session identifier'        => session_id,
+                :'message number'            => message[:'message number'],
+                :'user name'                 => message[:'user name'],
+                :'service name'              => message[:'service name'],
+                :'method name'               => message[:'method name'],
+                :'with signature'            => message[:'with signature'],
+                :'public key algorithm name' => message[:'public key algorithm name'],
+                :'public key blob'           => message[:'public key blob'],
+              }
+              data_blob = SignatureBlob.encode data_message
+              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
+              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
+              sign_r = ecdsa_signature_blob[:'r']
+              sign_s = ecdsa_signature_blob[:'s']
+              sign_asn1 = OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
+                ]
+              )
+              sign_der = sign_asn1.to_der
+              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module EcdsaSignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::Mpint, :'r'],
+                [DataType::Mpint, :'s'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module PublicKeyBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'[identifier]'],
+                [DataType::String, :'Q'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module Signature
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'signature blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module SignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String,  :'session identifier'],
+                [DataType::Byte,    :'message number'],
+                [DataType::String,  :'user name'],
+                [DataType::String,  :'service name'],
+                [DataType::String,  :'method name'],
+                [DataType::Boolean, :'with signature'],
+                [DataType::String,  :'public key algorithm name'],
+                [DataType::String,  :'public key blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb ADDED Viewed

@@ -0,0 +1,84 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/data_type'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384 < Algorithm
+            NAME = 'ecdsa-sha2-nistp384'
+            PREFERENCE = 40
+            DIGEST = 'sha384'
+            IDENTIFIER = 'nistp384'
+            CURVE_NAME = 'secp384r1'
+            def initialize
+              @logger = HrrRbSsh::Logger.new(self.class.name)
+            end
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::EC.new(public_key)
+                           when OpenSSL::PKey::EC
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                :'public key algorithm name' => public_key_algorithm_name,
+                :'[identifier]'              => self.class::IDENTIFIER,
+                :'Q'                         => public_key.public_key.to_bn.to_s(2)
+              }
+              public_key_blob == PublicKeyBlob.encode(public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = Signature.decode message[:'signature']
+              signature_algorithm = signature_message[:'public key algorithm name']
+              signature_blob      = signature_message[:'signature blob']
+              public_key = PublicKeyBlob.decode message[:'public key blob']
+              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
+              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
+              data_message = {
+                :'session identifier'        => session_id,
+                :'message number'            => message[:'message number'],
+                :'user name'                 => message[:'user name'],
+                :'service name'              => message[:'service name'],
+                :'method name'               => message[:'method name'],
+                :'with signature'            => message[:'with signature'],
+                :'public key algorithm name' => message[:'public key algorithm name'],
+                :'public key blob'           => message[:'public key blob'],
+              }
+              data_blob = SignatureBlob.encode data_message
+              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
+              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
+              sign_r = ecdsa_signature_blob[:'r']
+              sign_s = ecdsa_signature_blob[:'s']
+              sign_asn1 = OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
+                ]
+              )
+              sign_der = sign_asn1.to_der
+              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module EcdsaSignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::Mpint, :'r'],
+                [DataType::Mpint, :'s'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module PublicKeyBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'[identifier]'],
+                [DataType::String, :'Q'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module Signature
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'signature blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module SignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String,  :'session identifier'],
+                [DataType::Byte,    :'message number'],
+                [DataType::String,  :'user name'],
+                [DataType::String,  :'service name'],
+                [DataType::String,  :'method name'],
+                [DataType::Boolean, :'with signature'],
+                [DataType::String,  :'public key algorithm name'],
+                [DataType::String,  :'public key blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end