hrr_rb_ssh 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/demo/server.rb +10 -2
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +24 -24
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +19 -19
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +7 -7
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +7 -7
- data/lib/hrr_rb_ssh/authentication.rb +6 -6
- data/lib/hrr_rb_ssh/codable.rb +7 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +102 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +26 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +29 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +2 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +6 -6
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +4 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +42 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type.rb +1 -0
- data/lib/hrr_rb_ssh/connection/channel.rb +50 -63
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +29 -9
- data/lib/hrr_rb_ssh/connection.rb +22 -27
- data/lib/hrr_rb_ssh/message/001_ssh_msg_disconnect.rb +4 -4
- data/lib/hrr_rb_ssh/message/002_ssh_msg_ignore.rb +2 -2
- data/lib/hrr_rb_ssh/message/003_ssh_msg_unimplemented.rb +2 -2
- data/lib/hrr_rb_ssh/message/004_ssh_msg_debug.rb +4 -4
- data/lib/hrr_rb_ssh/message/005_ssh_msg_service_request.rb +2 -2
- data/lib/hrr_rb_ssh/message/006_ssh_msg_service_accept.rb +2 -2
- data/lib/hrr_rb_ssh/message/020_ssh_msg_kexinit.rb +29 -29
- data/lib/hrr_rb_ssh/message/021_ssh_msg_newkeys.rb +1 -1
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kex_dh_gex_request_old.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexdh_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexecdh_init.rb +24 -0
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group.rb +3 -3
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexdh_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply.rb +26 -0
- data/lib/hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request.rb +4 -4
- data/lib/hrr_rb_ssh/message/050_ssh_msg_userauth_request.rb +17 -17
- data/lib/hrr_rb_ssh/message/051_ssh_msg_userauth_failure.rb +3 -3
- data/lib/hrr_rb_ssh/message/052_ssh_msg_userauth_success.rb +1 -1
- data/lib/hrr_rb_ssh/message/060_ssh_msg_userauth_pk_ok.rb +3 -3
- data/lib/hrr_rb_ssh/message/080_ssh_msg_global_request.rb +12 -12
- data/lib/hrr_rb_ssh/message/081_ssh_msg_request_success.rb +5 -5
- data/lib/hrr_rb_ssh/message/082_ssh_msg_request_failure.rb +1 -1
- data/lib/hrr_rb_ssh/message/090_ssh_msg_channel_open.rb +24 -24
- data/lib/hrr_rb_ssh/message/091_ssh_msg_channel_open_confirmation.rb +14 -24
- data/lib/hrr_rb_ssh/message/092_ssh_msg_channel_open_failure.rb +5 -5
- data/lib/hrr_rb_ssh/message/093_ssh_msg_channel_window_adjust.rb +3 -3
- data/lib/hrr_rb_ssh/message/094_ssh_msg_channel_data.rb +3 -3
- data/lib/hrr_rb_ssh/message/095_ssh_msg_channel_extended_data.rb +4 -4
- data/lib/hrr_rb_ssh/message/096_ssh_msg_channel_eof.rb +2 -2
- data/lib/hrr_rb_ssh/message/097_ssh_msg_channel_close.rb +2 -2
- data/lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb +51 -51
- data/lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb +2 -2
- data/lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb +2 -2
- data/lib/hrr_rb_ssh/message.rb +2 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman/h0.rb +8 -8
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +24 -24
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0.rb +29 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +132 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +79 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +80 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +81 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +9 -9
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +6 -6
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport.rb +30 -30
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +39 -4
- data/lib/hrr_rb_ssh/connection/channel/proc_chain/chain_context.rb +0 -22
- data/lib/hrr_rb_ssh/connection/channel/proc_chain.rb +0 -25
@@ -32,106 +32,106 @@ module HrrRbSsh
|
|
32
32
|
|
33
33
|
DEFINITION = [
|
34
34
|
#[DataType, Field Name]
|
35
|
-
[DataType::Byte, 'message number'],
|
36
|
-
[DataType::Uint32, 'recipient channel'],
|
37
|
-
[DataType::String, 'request type'],
|
38
|
-
[DataType::Boolean, 'want reply'],
|
35
|
+
[DataType::Byte, :'message number'],
|
36
|
+
[DataType::Uint32, :'recipient channel'],
|
37
|
+
[DataType::String, :'request type'],
|
38
|
+
[DataType::Boolean, :'want reply'],
|
39
39
|
]
|
40
40
|
|
41
41
|
PTY_REQ_DEFINITION = [
|
42
42
|
#[DataType, Field Name]
|
43
|
-
#[DataType::String, 'request type' : "pty-req"],
|
44
|
-
[DataType::String, 'TERM environment variable value'],
|
45
|
-
[DataType::Uint32, 'terminal width, characters'],
|
46
|
-
[DataType::Uint32, 'terminal height, rows'],
|
47
|
-
[DataType::Uint32, 'terminal width, pixels'],
|
48
|
-
[DataType::Uint32, 'terminal height, pixels'],
|
49
|
-
[DataType::String, 'encoded terminal modes'],
|
43
|
+
#[DataType::String, :'request type' : "pty-req"],
|
44
|
+
[DataType::String, :'TERM environment variable value'],
|
45
|
+
[DataType::Uint32, :'terminal width, characters'],
|
46
|
+
[DataType::Uint32, :'terminal height, rows'],
|
47
|
+
[DataType::Uint32, :'terminal width, pixels'],
|
48
|
+
[DataType::Uint32, :'terminal height, pixels'],
|
49
|
+
[DataType::String, :'encoded terminal modes'],
|
50
50
|
]
|
51
51
|
|
52
52
|
X11_REQ_DEFINITION = [
|
53
53
|
#[DataType, Field Name]
|
54
|
-
#[DataType::String, 'request type' : "x11-req"],
|
55
|
-
[DataType::Boolean, 'single connection'],
|
56
|
-
[DataType::String, 'x11 authentication protocol'],
|
57
|
-
[DataType::String, 'x11 authentication cookie'],
|
58
|
-
[DataType::Uint32, 'x11 screen number'],
|
54
|
+
#[DataType::String, :'request type' : "x11-req"],
|
55
|
+
[DataType::Boolean, :'single connection'],
|
56
|
+
[DataType::String, :'x11 authentication protocol'],
|
57
|
+
[DataType::String, :'x11 authentication cookie'],
|
58
|
+
[DataType::Uint32, :'x11 screen number'],
|
59
59
|
]
|
60
60
|
|
61
61
|
ENV_DEFINITION = [
|
62
62
|
#[DataType, Field Name]
|
63
63
|
#[DataType::String, 'request type' : "env"],
|
64
|
-
[DataType::String, 'variable name'],
|
65
|
-
[DataType::String, 'variable value'],
|
64
|
+
[DataType::String, :'variable name'],
|
65
|
+
[DataType::String, :'variable value'],
|
66
66
|
]
|
67
67
|
|
68
68
|
SHELL_DEFINITION = [
|
69
69
|
#[DataType, Field Name]
|
70
|
-
#[DataType::String, 'request type' : "shell"],
|
70
|
+
#[DataType::String, :'request type' : "shell"],
|
71
71
|
]
|
72
72
|
|
73
73
|
EXEC_DEFINITION = [
|
74
74
|
#[DataType, Field Name]
|
75
|
-
#[DataType::String, 'request type' : "exec"],
|
76
|
-
[DataType::String, 'command'],
|
75
|
+
#[DataType::String, :'request type' : "exec"],
|
76
|
+
[DataType::String, :'command'],
|
77
77
|
]
|
78
78
|
|
79
79
|
SUBSYSTEM_DEFINITION = [
|
80
80
|
#[DataType, Field Name]
|
81
|
-
#[DataType::String, 'request type' : "subsystem"],
|
82
|
-
[DataType::String, 'subsystem name'],
|
81
|
+
#[DataType::String, :'request type' : "subsystem"],
|
82
|
+
[DataType::String, :'subsystem name'],
|
83
83
|
]
|
84
84
|
|
85
85
|
WINDOW_CHANGE_DEFINITION = [
|
86
86
|
#[DataType, Field Name]
|
87
|
-
#[DataType::String, 'request type' : "window-change"],
|
88
|
-
[DataType::Uint32, 'terminal width, columns'],
|
89
|
-
[DataType::Uint32, 'terminal height, rows'],
|
90
|
-
[DataType::Uint32, 'terminal width, pixels'],
|
91
|
-
[DataType::Uint32, 'terminal height, pixels'],
|
87
|
+
#[DataType::String, :'request type' : "window-change"],
|
88
|
+
[DataType::Uint32, :'terminal width, columns'],
|
89
|
+
[DataType::Uint32, :'terminal height, rows'],
|
90
|
+
[DataType::Uint32, :'terminal width, pixels'],
|
91
|
+
[DataType::Uint32, :'terminal height, pixels'],
|
92
92
|
]
|
93
93
|
|
94
94
|
XON_XOFF_DEFINITION = [
|
95
95
|
#[DataType, Field Name]
|
96
|
-
#[DataType::String, 'request type' : "xon-xoff"],
|
97
|
-
[DataType::Boolean, 'client can do'],
|
96
|
+
#[DataType::String, :'request type' : "xon-xoff"],
|
97
|
+
[DataType::Boolean, :'client can do'],
|
98
98
|
]
|
99
99
|
|
100
100
|
SIGNAL_DEFINITION = [
|
101
101
|
#[DataType, Field Name]
|
102
|
-
#[DataType::String, 'request type' : "signal"],
|
103
|
-
[DataType::String, 'signal name'],
|
102
|
+
#[DataType::String, :'request type' : "signal"],
|
103
|
+
[DataType::String, :'signal name'],
|
104
104
|
]
|
105
105
|
|
106
106
|
EXIT_STATUS_DEFINITION = [
|
107
107
|
#[DataType, Field Name]
|
108
|
-
#[DataType::String, 'request type' : "exit-status"],
|
109
|
-
[DataType::Uint32, 'exit status'],
|
108
|
+
#[DataType::String, :'request type' : "exit-status"],
|
109
|
+
[DataType::Uint32, :'exit status'],
|
110
110
|
]
|
111
111
|
|
112
112
|
EXIT_SIGNAL_DEFINITION = [
|
113
113
|
#[DataType, Field Name]
|
114
|
-
#[DataType::String, 'request type' : "exit-signal"],
|
115
|
-
[DataType::String, 'signal name'],
|
116
|
-
[DataType::Boolean, 'core dumped'],
|
117
|
-
[DataType::String, 'error message'],
|
118
|
-
[DataType::String, 'language tag'],
|
114
|
+
#[DataType::String, :'request type' : "exit-signal"],
|
115
|
+
[DataType::String, :'signal name'],
|
116
|
+
[DataType::Boolean, :'core dumped'],
|
117
|
+
[DataType::String, :'error message'],
|
118
|
+
[DataType::String, :'language tag'],
|
119
119
|
]
|
120
120
|
|
121
121
|
CONDITIONAL_DEFINITION = {
|
122
122
|
# Field Name => {Field Value => Conditional Definition}
|
123
|
-
'request type' => {
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
123
|
+
:'request type' => {
|
124
|
+
"pty-req" => PTY_REQ_DEFINITION,
|
125
|
+
"x11-req" => X11_REQ_DEFINITION,
|
126
|
+
"env" => ENV_DEFINITION,
|
127
|
+
"shell" => SHELL_DEFINITION,
|
128
|
+
"exec" => EXEC_DEFINITION,
|
129
|
+
"subsystem" => SUBSYSTEM_DEFINITION,
|
130
|
+
"window-change" => WINDOW_CHANGE_DEFINITION,
|
131
|
+
"xon-xoff" => XON_XOFF_DEFINITION,
|
132
|
+
"signal" => SIGNAL_DEFINITION,
|
133
|
+
"exit-status" => EXIT_STATUS_DEFINITION,
|
134
|
+
"exit-signal" => EXIT_SIGNAL_DEFINITION,
|
135
135
|
},
|
136
136
|
}
|
137
137
|
end
|
data/lib/hrr_rb_ssh/message.rb
CHANGED
@@ -16,6 +16,8 @@ require 'hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group'
|
|
16
16
|
require 'hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init'
|
17
17
|
require 'hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply'
|
18
18
|
require 'hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request'
|
19
|
+
require 'hrr_rb_ssh/message/030_ssh_msg_kexecdh_init'
|
20
|
+
require 'hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply'
|
19
21
|
require 'hrr_rb_ssh/message/050_ssh_msg_userauth_request'
|
20
22
|
require 'hrr_rb_ssh/message/051_ssh_msg_userauth_failure'
|
21
23
|
require 'hrr_rb_ssh/message/052_ssh_msg_userauth_success'
|
@@ -13,14 +13,14 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'V_C'],
|
17
|
-
[DataType::String, 'V_S'],
|
18
|
-
[DataType::String, 'I_C'],
|
19
|
-
[DataType::String, 'I_S'],
|
20
|
-
[DataType::String, 'K_S'],
|
21
|
-
[DataType::Mpint, 'e'],
|
22
|
-
[DataType::Mpint, 'f'],
|
23
|
-
[DataType::Mpint, 'k'],
|
16
|
+
[DataType::String, :'V_C'],
|
17
|
+
[DataType::String, :'V_S'],
|
18
|
+
[DataType::String, :'I_C'],
|
19
|
+
[DataType::String, :'I_S'],
|
20
|
+
[DataType::String, :'K_S'],
|
21
|
+
[DataType::Mpint, :'e'],
|
22
|
+
[DataType::Mpint, :'f'],
|
23
|
+
[DataType::Mpint, :'k'],
|
24
24
|
]
|
25
25
|
end
|
26
26
|
end
|
@@ -49,14 +49,14 @@ module HrrRbSsh
|
|
49
49
|
f = pub_key
|
50
50
|
|
51
51
|
h0_payload = {
|
52
|
-
'V_C' => transport.v_c,
|
53
|
-
'V_S' => transport.v_s,
|
54
|
-
'I_C' => transport.i_c,
|
55
|
-
'I_S' => transport.i_s,
|
56
|
-
'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
57
|
-
'e' => e,
|
58
|
-
'f' => f,
|
59
|
-
'k' => k,
|
52
|
+
:'V_C' => transport.v_c,
|
53
|
+
:'V_S' => transport.v_s,
|
54
|
+
:'I_C' => transport.i_c,
|
55
|
+
:'I_S' => transport.i_s,
|
56
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
57
|
+
:'e' => e,
|
58
|
+
:'f' => f,
|
59
|
+
:'k' => k,
|
60
60
|
}
|
61
61
|
h0 = H0.encode h0_payload
|
62
62
|
|
@@ -117,15 +117,15 @@ module HrrRbSsh
|
|
117
117
|
|
118
118
|
def receive_kexdh_init payload
|
119
119
|
message = HrrRbSsh::Message::SSH_MSG_KEXDH_INIT.decode payload
|
120
|
-
set_e message['e']
|
120
|
+
set_e message[:'e']
|
121
121
|
end
|
122
122
|
|
123
123
|
def send_kexdh_reply transport
|
124
124
|
message = {
|
125
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEXDH_REPLY::VALUE,
|
126
|
-
'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
127
|
-
'f' => pub_key,
|
128
|
-
'signature of H' => sign(transport),
|
125
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEXDH_REPLY::VALUE,
|
126
|
+
:'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
127
|
+
:'f' => pub_key,
|
128
|
+
:'signature of H' => sign(transport),
|
129
129
|
}
|
130
130
|
payload = HrrRbSsh::Message::SSH_MSG_KEXDH_REPLY.encode message
|
131
131
|
transport.send payload
|
@@ -13,19 +13,19 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'V_C'],
|
17
|
-
[DataType::String, 'V_S'],
|
18
|
-
[DataType::String, 'I_C'],
|
19
|
-
[DataType::String, 'I_S'],
|
20
|
-
[DataType::String, 'K_S'],
|
21
|
-
[DataType::Uint32, 'min'],
|
22
|
-
[DataType::Uint32, 'n'],
|
23
|
-
[DataType::Uint32, 'max'],
|
24
|
-
[DataType::Mpint, 'p'],
|
25
|
-
[DataType::Mpint, 'g'],
|
26
|
-
[DataType::Mpint, 'e'],
|
27
|
-
[DataType::Mpint, 'f'],
|
28
|
-
[DataType::Mpint, 'k'],
|
16
|
+
[DataType::String, :'V_C'],
|
17
|
+
[DataType::String, :'V_S'],
|
18
|
+
[DataType::String, :'I_C'],
|
19
|
+
[DataType::String, :'I_S'],
|
20
|
+
[DataType::String, :'K_S'],
|
21
|
+
[DataType::Uint32, :'min'],
|
22
|
+
[DataType::Uint32, :'n'],
|
23
|
+
[DataType::Uint32, :'max'],
|
24
|
+
[DataType::Mpint, :'p'],
|
25
|
+
[DataType::Mpint, :'g'],
|
26
|
+
[DataType::Mpint, :'e'],
|
27
|
+
[DataType::Mpint, :'f'],
|
28
|
+
[DataType::Mpint, :'k'],
|
29
29
|
]
|
30
30
|
end
|
31
31
|
end
|
@@ -60,19 +60,19 @@ module HrrRbSsh
|
|
60
60
|
f = pub_key
|
61
61
|
|
62
62
|
h0_payload = {
|
63
|
-
'V_C' => transport.v_c,
|
64
|
-
'V_S' => transport.v_s,
|
65
|
-
'I_C' => transport.i_c,
|
66
|
-
'I_S' => transport.i_s,
|
67
|
-
'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
68
|
-
'min' => @min,
|
69
|
-
'n' => @n,
|
70
|
-
'max' => @max,
|
71
|
-
'p' => @dh.p.to_i,
|
72
|
-
'g' => @dh.g.to_i,
|
73
|
-
'e' => e,
|
74
|
-
'f' => f,
|
75
|
-
'k' => k,
|
63
|
+
:'V_C' => transport.v_c,
|
64
|
+
:'V_S' => transport.v_s,
|
65
|
+
:'I_C' => transport.i_c,
|
66
|
+
:'I_S' => transport.i_s,
|
67
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
68
|
+
:'min' => @min,
|
69
|
+
:'n' => @n,
|
70
|
+
:'max' => @max,
|
71
|
+
:'p' => @dh.p.to_i,
|
72
|
+
:'g' => @dh.g.to_i,
|
73
|
+
:'e' => e,
|
74
|
+
:'f' => f,
|
75
|
+
:'k' => k,
|
76
76
|
}
|
77
77
|
h0 = H0.encode h0_payload
|
78
78
|
|
@@ -132,16 +132,16 @@ module HrrRbSsh
|
|
132
132
|
|
133
133
|
def receive_kex_dh_gex_request payload
|
134
134
|
message = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REQUEST.decode payload
|
135
|
-
@min = message['min']
|
136
|
-
@n = message['n']
|
137
|
-
@max = message['max']
|
135
|
+
@min = message[:'min']
|
136
|
+
@n = message[:'n']
|
137
|
+
@max = message[:'max']
|
138
138
|
end
|
139
139
|
|
140
140
|
def send_kex_dh_gex_group transport
|
141
141
|
message = {
|
142
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_GROUP::VALUE,
|
143
|
-
'p' => @dh.p.to_i,
|
144
|
-
'g' => @dh.g.to_i,
|
142
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_GROUP::VALUE,
|
143
|
+
:'p' => @dh.p.to_i,
|
144
|
+
:'g' => @dh.g.to_i,
|
145
145
|
}
|
146
146
|
payload = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_GROUP.encode message
|
147
147
|
transport.send payload
|
@@ -149,15 +149,15 @@ module HrrRbSsh
|
|
149
149
|
|
150
150
|
def receive_kex_dh_gex_init payload
|
151
151
|
message = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_INIT.decode payload
|
152
|
-
set_e message['e']
|
152
|
+
set_e message[:'e']
|
153
153
|
end
|
154
154
|
|
155
155
|
def send_kex_dh_gex_reply transport
|
156
156
|
message = {
|
157
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REPLY::VALUE,
|
158
|
-
'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
159
|
-
'f' => pub_key,
|
160
|
-
'signature of H' => sign(transport),
|
157
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REPLY::VALUE,
|
158
|
+
:'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
159
|
+
:'f' => pub_key,
|
160
|
+
:'signature of H' => sign(transport),
|
161
161
|
}
|
162
162
|
payload = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REPLY.encode message
|
163
163
|
transport.send payload
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class KexAlgorithm
|
10
|
+
module EllipticCurveDiffieHellman
|
11
|
+
module H0
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'V_C'],
|
17
|
+
[DataType::String, :'V_S'],
|
18
|
+
[DataType::String, :'I_C'],
|
19
|
+
[DataType::String, :'I_S'],
|
20
|
+
[DataType::String, :'K_S'],
|
21
|
+
[DataType::Mpint, :'Q_C'],
|
22
|
+
[DataType::Mpint, :'Q_S'],
|
23
|
+
[DataType::Mpint, :'K'],
|
24
|
+
]
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,132 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'openssl'
|
5
|
+
require 'hrr_rb_ssh/logger'
|
6
|
+
require 'hrr_rb_ssh/data_type'
|
7
|
+
|
8
|
+
module HrrRbSsh
|
9
|
+
class Transport
|
10
|
+
class KexAlgorithm
|
11
|
+
module EllipticCurveDiffieHellman
|
12
|
+
def initialize
|
13
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
14
|
+
@dh = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
15
|
+
@dh.generate_key
|
16
|
+
end
|
17
|
+
|
18
|
+
def start transport, mode
|
19
|
+
case mode
|
20
|
+
when HrrRbSsh::Transport::Mode::SERVER
|
21
|
+
receive_kexecdh_init transport.receive
|
22
|
+
send_kexecdh_reply transport
|
23
|
+
else
|
24
|
+
raise "unsupported mode"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def set_q_c q_c
|
29
|
+
@q_c = q_c
|
30
|
+
end
|
31
|
+
|
32
|
+
def shared_secret
|
33
|
+
k = OpenSSL::BN.new(@dh.dh_compute_key(OpenSSL::PKey::EC::Point.new(OpenSSL::PKey::EC.new(self.class::CURVE_NAME).group, OpenSSL::BN.new(@q_c))), 2).to_i
|
34
|
+
end
|
35
|
+
|
36
|
+
def public_key
|
37
|
+
f = @dh.public_key.to_bn.to_i
|
38
|
+
end
|
39
|
+
|
40
|
+
def hash transport
|
41
|
+
q_c = @q_c
|
42
|
+
q_s = public_key
|
43
|
+
k = shared_secret
|
44
|
+
|
45
|
+
h0_payload = {
|
46
|
+
:'V_C' => transport.v_c,
|
47
|
+
:'V_S' => transport.v_s,
|
48
|
+
:'I_C' => transport.i_c,
|
49
|
+
:'I_S' => transport.i_s,
|
50
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
51
|
+
:'Q_C' => q_c,
|
52
|
+
:'Q_S' => q_s,
|
53
|
+
:'K' => k,
|
54
|
+
}
|
55
|
+
h0 = H0.encode h0_payload
|
56
|
+
|
57
|
+
h = OpenSSL::Digest.digest self.class::DIGEST, h0
|
58
|
+
|
59
|
+
h
|
60
|
+
end
|
61
|
+
|
62
|
+
def sign transport
|
63
|
+
h = hash transport
|
64
|
+
s = transport.server_host_key_algorithm.sign h
|
65
|
+
|
66
|
+
s
|
67
|
+
end
|
68
|
+
|
69
|
+
def build_key(_k, h, _x, session_id, key_length)
|
70
|
+
k = DataType::Mpint.encode _k
|
71
|
+
x = DataType::Byte.encode _x
|
72
|
+
|
73
|
+
key = OpenSSL::Digest.digest(self.class::DIGEST, k + h + x + session_id)
|
74
|
+
|
75
|
+
while key.length < key_length
|
76
|
+
key = key + OpenSSL::Digest.digest(self.class::DIGEST, k + h + key )
|
77
|
+
end
|
78
|
+
|
79
|
+
key[0, key_length]
|
80
|
+
end
|
81
|
+
|
82
|
+
def iv_c_to_s transport, encryption_algorithm_c_to_s_name
|
83
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::IV_LENGTH
|
84
|
+
build_key(shared_secret, hash(transport), 'A'.ord, transport.session_id, key_length)
|
85
|
+
end
|
86
|
+
|
87
|
+
def iv_s_to_c transport, encryption_algorithm_s_to_c_name
|
88
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::IV_LENGTH
|
89
|
+
build_key(shared_secret, hash(transport), 'B'.ord, transport.session_id, key_length)
|
90
|
+
end
|
91
|
+
|
92
|
+
def key_c_to_s transport, encryption_algorithm_c_to_s_name
|
93
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::KEY_LENGTH
|
94
|
+
build_key(shared_secret, hash(transport), 'C'.ord, transport.session_id, key_length)
|
95
|
+
end
|
96
|
+
|
97
|
+
def key_s_to_c transport, encryption_algorithm_s_to_c_name
|
98
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::KEY_LENGTH
|
99
|
+
build_key(shared_secret, hash(transport), 'D'.ord, transport.session_id, key_length)
|
100
|
+
end
|
101
|
+
|
102
|
+
def mac_c_to_s transport, mac_algorithm_c_to_s_name
|
103
|
+
key_length = HrrRbSsh::Transport::MacAlgorithm[mac_algorithm_c_to_s_name]::KEY_LENGTH
|
104
|
+
build_key(shared_secret, hash(transport), 'E'.ord, transport.session_id, key_length)
|
105
|
+
end
|
106
|
+
|
107
|
+
def mac_s_to_c transport, mac_algorithm_s_to_c_name
|
108
|
+
key_length = HrrRbSsh::Transport::MacAlgorithm[mac_algorithm_s_to_c_name]::KEY_LENGTH
|
109
|
+
build_key(shared_secret, hash(transport), 'F'.ord, transport.session_id, key_length)
|
110
|
+
end
|
111
|
+
|
112
|
+
def receive_kexecdh_init payload
|
113
|
+
message = HrrRbSsh::Message::SSH_MSG_KEXECDH_INIT.decode payload
|
114
|
+
set_q_c message[:'Q_C']
|
115
|
+
end
|
116
|
+
|
117
|
+
def send_kexecdh_reply transport
|
118
|
+
message = {
|
119
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEXECDH_REPLY::VALUE,
|
120
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
121
|
+
:'Q_S' => public_key,
|
122
|
+
:'signature of H' => sign(transport),
|
123
|
+
}
|
124
|
+
payload = HrrRbSsh::Message::SSH_MSG_KEXECDH_REPLY.encode message
|
125
|
+
transport.send payload
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0'
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class KexAlgorithm
|
9
|
+
class EllipticCurveDiffieHellmanSha2Nistp256 < KexAlgorithm
|
10
|
+
NAME = 'ecdh-sha2-nistp256'
|
11
|
+
PREFERENCE = 100
|
12
|
+
DIGEST = 'sha256'
|
13
|
+
CURVE_NAME = 'prime256v1'
|
14
|
+
include EllipticCurveDiffieHellman
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class KexAlgorithm
|
9
|
+
class EllipticCurveDiffieHellmanSha2Nistp384 < KexAlgorithm
|
10
|
+
NAME = 'ecdh-sha2-nistp384'
|
11
|
+
PREFERENCE = 110
|
12
|
+
DIGEST = 'sha384'
|
13
|
+
CURVE_NAME = 'secp384r1'
|
14
|
+
include EllipticCurveDiffieHellman
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class KexAlgorithm
|
9
|
+
class EllipticCurveDiffieHellmanSha2Nistp521 < KexAlgorithm
|
10
|
+
NAME = 'ecdh-sha2-nistp521'
|
11
|
+
PREFERENCE = 120
|
12
|
+
DIGEST = 'sha512'
|
13
|
+
CURVE_NAME = 'secp521r1'
|
14
|
+
include EllipticCurveDiffieHellman
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -23,3 +23,6 @@ require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group15_sha512'
|
|
23
23
|
require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group16_sha512'
|
24
24
|
require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group17_sha512'
|
25
25
|
require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group18_sha512'
|
26
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256'
|
27
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384'
|
28
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521'
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp256
|
11
|
+
module EcdsaSignatureBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::Mpint, :'r'],
|
17
|
+
[DataType::Mpint, :'s'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp256
|
11
|
+
module PublicKeyBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'[identifier]'],
|
18
|
+
[DataType::String, :'Q'],
|
19
|
+
]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|