RubyGems - hrr_rb_ssh - Versions diffs - 0.1.4 → 0.1.5 - Mend

hrr_rb_ssh 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d27094a810417b60ee82692a67b937152a9840bd3612fd333d3ff78b8babdc8
-  data.tar.gz: 81a4410d0e71dd441d67c4e591b2007b024c0f447bf37d9ce6cca012e4e1205f
+  metadata.gz: 4ef9c8b694642b51f6b8cf1533da4243a688b3a5627f2e95a46903a882d3df00
+  data.tar.gz: ccfba489514d746b7b973ce6ed6551e84f34c3a7067891970d8401f944ba98e2
 SHA512:
-  metadata.gz: 40f52780040a121411281d571b486e3d0f4cc4a8f90d15c5ed996ad52dbcfa39fc42fcaa868a9effb0f3b2fabde4a1cc9140c873532607fcbcfa2e03d8e51bf9
-  data.tar.gz: 219acc3467eeb26a34534e29c1a85c9fb8945874ec4019549cbf7ba14235839f959f15c109117c973d7a1b8b0fd4ff6709c08dff2d156fb7c15f86005a12f34e
+  metadata.gz: bf79eec5cdcddb81d3a8fa97a67e5e49664d3dc763633822c85d6355a0a3df76475172c9f06f3c571a6207483f8d616ede74a9f502929adc11ff4b8a9793e024
+  data.tar.gz: 3aa22c9f967259b0ac76bdc4a33b0aa6057a4c912369dfe3be48a38c6726ebd84af2c2ebefdf203527facc58159fd6c753edfd4cc09d4d5f9d24124637db670e

data/demo/server.rb CHANGED Viewed

@@ -19,8 +19,8 @@ HrrRbSsh::Logger.initialize logger
 tran_preferred_encryption_algorithms      = %w(aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour)
-tran_preferred_server_host_key_algorithms = %w(ssh-rsa ssh-dss)
-tran_preferred_kex_algorithms             = %w(diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
+tran_preferred_server_host_key_algorithms = %w(ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
+tran_preferred_kex_algorithms             = %w(ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
 tran_preferred_mac_algorithms             = %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96)
 tran_preferred_compression_algorithms     = %w(none zlib)
@@ -54,11 +54,19 @@ H6OpR/EnUmBttlvcL28CGOsZIwYJtAdVsGXpIXtiPLl2eEzaM9aBsS/LGWKgQNo3
 T6b+xuqhfiUpbc/stfdmgDc3B/ZgpFsQh5oWBoAfkL6kAEa4oQBFhqF0QM5ej6h5
 wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
 nQIDAQAB
+-----END PUBLIC KEY-----
+  EOB
+  ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
+  ecdsa_sha2_nistp256_public_key = <<-'EOB'
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
+77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
 -----END PUBLIC KEY-----
   EOB
   [
     [dss_public_key_algorithm_name, dss_public_key],
     [rsa_public_key_algorithm_name, rsa_public_key],
+    [ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
   ].any? { |public_key_algorithm_name, public_key|
     context.verify username, public_key_algorithm_name, public_key
   }

data/lib/hrr_rb_ssh/authentication/method/none.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module HrrRbSsh
         def authenticate userauth_request_message
           @logger.info("authenticate")
           @logger.debug("userauth request: " + userauth_request_message.inspect)
-          context = Context.new(userauth_request_message['user name'])
+          context = Context.new(userauth_request_message[:'user name'])
           @authenticator.authenticate context
         end
       end

data/lib/hrr_rb_ssh/authentication/method/password.rb CHANGED Viewed

@@ -18,8 +18,8 @@ module HrrRbSsh
         def authenticate userauth_request_message
           @logger.info("authenticate")
           @logger.debug("userauth request: " + userauth_request_message.inspect)
-          username = userauth_request_message['user name']
-          password = userauth_request_message['plaintext password']
+          username = userauth_request_message[:'user name']
+          password = userauth_request_message[:'plaintext password']
           context = Context.new(username, password)
           @authenticator.authenticate context
         end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module EcdsaSignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::Mpint, :'r'],
+                [DataType::Mpint, :'s'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module PublicKeyBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'[identifier]'],
+                [DataType::String, :'Q'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module Signature
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'signature blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256
+            module SignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String,  :'session identifier'],
+                [DataType::Byte,    :'message number'],
+                [DataType::String,  :'user name'],
+                [DataType::String,  :'service name'],
+                [DataType::String,  :'method name'],
+                [DataType::Boolean, :'with signature'],
+                [DataType::String,  :'public key algorithm name'],
+                [DataType::String,  :'public key blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb ADDED Viewed

@@ -0,0 +1,84 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/data_type'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp256 < Algorithm
+            NAME = 'ecdsa-sha2-nistp256'
+            PREFERENCE = 30
+            DIGEST = 'sha256'
+            IDENTIFIER = 'nistp256'
+            CURVE_NAME = 'prime256v1'
+            def initialize
+              @logger = HrrRbSsh::Logger.new(self.class.name)
+            end
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::EC.new(public_key)
+                           when OpenSSL::PKey::EC
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                :'public key algorithm name' => public_key_algorithm_name,
+                :'[identifier]'              => self.class::IDENTIFIER,
+                :'Q'                         => public_key.public_key.to_bn.to_s(2)
+              }
+              public_key_blob == PublicKeyBlob.encode(public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = Signature.decode message[:'signature']
+              signature_algorithm = signature_message[:'public key algorithm name']
+              signature_blob      = signature_message[:'signature blob']
+              public_key = PublicKeyBlob.decode message[:'public key blob']
+              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
+              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
+              data_message = {
+                :'session identifier'        => session_id,
+                :'message number'            => message[:'message number'],
+                :'user name'                 => message[:'user name'],
+                :'service name'              => message[:'service name'],
+                :'method name'               => message[:'method name'],
+                :'with signature'            => message[:'with signature'],
+                :'public key algorithm name' => message[:'public key algorithm name'],
+                :'public key blob'           => message[:'public key blob'],
+              }
+              data_blob = SignatureBlob.encode data_message
+              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
+              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
+              sign_r = ecdsa_signature_blob[:'r']
+              sign_s = ecdsa_signature_blob[:'s']
+              sign_asn1 = OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
+                ]
+              )
+              sign_der = sign_asn1.to_der
+              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module EcdsaSignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::Mpint, :'r'],
+                [DataType::Mpint, :'s'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module PublicKeyBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'[identifier]'],
+                [DataType::String, :'Q'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module Signature
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'signature blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384
+            module SignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String,  :'session identifier'],
+                [DataType::Byte,    :'message number'],
+                [DataType::String,  :'user name'],
+                [DataType::String,  :'service name'],
+                [DataType::String,  :'method name'],
+                [DataType::Boolean, :'with signature'],
+                [DataType::String,  :'public key algorithm name'],
+                [DataType::String,  :'public key blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb ADDED Viewed

@@ -0,0 +1,84 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/data_type'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp384 < Algorithm
+            NAME = 'ecdsa-sha2-nistp384'
+            PREFERENCE = 40
+            DIGEST = 'sha384'
+            IDENTIFIER = 'nistp384'
+            CURVE_NAME = 'secp384r1'
+            def initialize
+              @logger = HrrRbSsh::Logger.new(self.class.name)
+            end
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::EC.new(public_key)
+                           when OpenSSL::PKey::EC
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                :'public key algorithm name' => public_key_algorithm_name,
+                :'[identifier]'              => self.class::IDENTIFIER,
+                :'Q'                         => public_key.public_key.to_bn.to_s(2)
+              }
+              public_key_blob == PublicKeyBlob.encode(public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = Signature.decode message[:'signature']
+              signature_algorithm = signature_message[:'public key algorithm name']
+              signature_blob      = signature_message[:'signature blob']
+              public_key = PublicKeyBlob.decode message[:'public key blob']
+              algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
+              algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
+              data_message = {
+                :'session identifier'        => session_id,
+                :'message number'            => message[:'message number'],
+                :'user name'                 => message[:'user name'],
+                :'service name'              => message[:'service name'],
+                :'method name'               => message[:'method name'],
+                :'with signature'            => message[:'with signature'],
+                :'public key algorithm name' => message[:'public key algorithm name'],
+                :'public key blob'           => message[:'public key blob'],
+              }
+              data_blob = SignatureBlob.encode data_message
+              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
+              ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
+              sign_r = ecdsa_signature_blob[:'r']
+              sign_s = ecdsa_signature_blob[:'s']
+              sign_asn1 = OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
+                ]
+              )
+              sign_der = sign_asn1.to_der
+              (signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module EcdsaSignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::Mpint, :'r'],
+                [DataType::Mpint, :'s'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module PublicKeyBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'[identifier]'],
+                [DataType::String, :'Q'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module Signature
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String, :'public key algorithm name'],
+                [DataType::String, :'signature blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+module HrrRbSsh
+  class Authentication
+    class Method
+      class Publickey
+        class Algorithm
+          class EcdsaSha2Nistp521
+            module SignatureBlob
+              class << self
+                include Codable
+              end
+              DEFINITION = [
+                [DataType::String,  :'session identifier'],
+                [DataType::Byte,    :'message number'],
+                [DataType::String,  :'user name'],
+                [DataType::String,  :'service name'],
+                [DataType::String,  :'method name'],
+                [DataType::Boolean, :'with signature'],
+                [DataType::String,  :'public key algorithm name'],
+                [DataType::String,  :'public key blob'],
+              ]
+            end
+          end
+        end
+      end
+    end
+  end
+end