hrr_rb_ssh 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/demo/server.rb +10 -2
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +24 -24
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +19 -19
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +7 -7
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +7 -7
- data/lib/hrr_rb_ssh/authentication.rb +6 -6
- data/lib/hrr_rb_ssh/codable.rb +7 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +102 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +26 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +29 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +2 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +6 -6
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +4 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +42 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type.rb +1 -0
- data/lib/hrr_rb_ssh/connection/channel.rb +50 -63
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +29 -9
- data/lib/hrr_rb_ssh/connection.rb +22 -27
- data/lib/hrr_rb_ssh/message/001_ssh_msg_disconnect.rb +4 -4
- data/lib/hrr_rb_ssh/message/002_ssh_msg_ignore.rb +2 -2
- data/lib/hrr_rb_ssh/message/003_ssh_msg_unimplemented.rb +2 -2
- data/lib/hrr_rb_ssh/message/004_ssh_msg_debug.rb +4 -4
- data/lib/hrr_rb_ssh/message/005_ssh_msg_service_request.rb +2 -2
- data/lib/hrr_rb_ssh/message/006_ssh_msg_service_accept.rb +2 -2
- data/lib/hrr_rb_ssh/message/020_ssh_msg_kexinit.rb +29 -29
- data/lib/hrr_rb_ssh/message/021_ssh_msg_newkeys.rb +1 -1
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kex_dh_gex_request_old.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexdh_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexecdh_init.rb +24 -0
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group.rb +3 -3
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexdh_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply.rb +26 -0
- data/lib/hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request.rb +4 -4
- data/lib/hrr_rb_ssh/message/050_ssh_msg_userauth_request.rb +17 -17
- data/lib/hrr_rb_ssh/message/051_ssh_msg_userauth_failure.rb +3 -3
- data/lib/hrr_rb_ssh/message/052_ssh_msg_userauth_success.rb +1 -1
- data/lib/hrr_rb_ssh/message/060_ssh_msg_userauth_pk_ok.rb +3 -3
- data/lib/hrr_rb_ssh/message/080_ssh_msg_global_request.rb +12 -12
- data/lib/hrr_rb_ssh/message/081_ssh_msg_request_success.rb +5 -5
- data/lib/hrr_rb_ssh/message/082_ssh_msg_request_failure.rb +1 -1
- data/lib/hrr_rb_ssh/message/090_ssh_msg_channel_open.rb +24 -24
- data/lib/hrr_rb_ssh/message/091_ssh_msg_channel_open_confirmation.rb +14 -24
- data/lib/hrr_rb_ssh/message/092_ssh_msg_channel_open_failure.rb +5 -5
- data/lib/hrr_rb_ssh/message/093_ssh_msg_channel_window_adjust.rb +3 -3
- data/lib/hrr_rb_ssh/message/094_ssh_msg_channel_data.rb +3 -3
- data/lib/hrr_rb_ssh/message/095_ssh_msg_channel_extended_data.rb +4 -4
- data/lib/hrr_rb_ssh/message/096_ssh_msg_channel_eof.rb +2 -2
- data/lib/hrr_rb_ssh/message/097_ssh_msg_channel_close.rb +2 -2
- data/lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb +51 -51
- data/lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb +2 -2
- data/lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb +2 -2
- data/lib/hrr_rb_ssh/message.rb +2 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman/h0.rb +8 -8
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +24 -24
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0.rb +29 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +132 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +79 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +80 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +81 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +9 -9
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +6 -6
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport.rb +30 -30
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +39 -4
- data/lib/hrr_rb_ssh/connection/channel/proc_chain/chain_context.rb +0 -22
- data/lib/hrr_rb_ssh/connection/channel/proc_chain.rb +0 -25
@@ -32,106 +32,106 @@ module HrrRbSsh
|
|
32
32
|
|
33
33
|
DEFINITION = [
|
34
34
|
#[DataType, Field Name]
|
35
|
-
[DataType::Byte, 'message number'],
|
36
|
-
[DataType::Uint32, 'recipient channel'],
|
37
|
-
[DataType::String, 'request type'],
|
38
|
-
[DataType::Boolean, 'want reply'],
|
35
|
+
[DataType::Byte, :'message number'],
|
36
|
+
[DataType::Uint32, :'recipient channel'],
|
37
|
+
[DataType::String, :'request type'],
|
38
|
+
[DataType::Boolean, :'want reply'],
|
39
39
|
]
|
40
40
|
|
41
41
|
PTY_REQ_DEFINITION = [
|
42
42
|
#[DataType, Field Name]
|
43
|
-
#[DataType::String, 'request type' : "pty-req"],
|
44
|
-
[DataType::String, 'TERM environment variable value'],
|
45
|
-
[DataType::Uint32, 'terminal width, characters'],
|
46
|
-
[DataType::Uint32, 'terminal height, rows'],
|
47
|
-
[DataType::Uint32, 'terminal width, pixels'],
|
48
|
-
[DataType::Uint32, 'terminal height, pixels'],
|
49
|
-
[DataType::String, 'encoded terminal modes'],
|
43
|
+
#[DataType::String, :'request type' : "pty-req"],
|
44
|
+
[DataType::String, :'TERM environment variable value'],
|
45
|
+
[DataType::Uint32, :'terminal width, characters'],
|
46
|
+
[DataType::Uint32, :'terminal height, rows'],
|
47
|
+
[DataType::Uint32, :'terminal width, pixels'],
|
48
|
+
[DataType::Uint32, :'terminal height, pixels'],
|
49
|
+
[DataType::String, :'encoded terminal modes'],
|
50
50
|
]
|
51
51
|
|
52
52
|
X11_REQ_DEFINITION = [
|
53
53
|
#[DataType, Field Name]
|
54
|
-
#[DataType::String, 'request type' : "x11-req"],
|
55
|
-
[DataType::Boolean, 'single connection'],
|
56
|
-
[DataType::String, 'x11 authentication protocol'],
|
57
|
-
[DataType::String, 'x11 authentication cookie'],
|
58
|
-
[DataType::Uint32, 'x11 screen number'],
|
54
|
+
#[DataType::String, :'request type' : "x11-req"],
|
55
|
+
[DataType::Boolean, :'single connection'],
|
56
|
+
[DataType::String, :'x11 authentication protocol'],
|
57
|
+
[DataType::String, :'x11 authentication cookie'],
|
58
|
+
[DataType::Uint32, :'x11 screen number'],
|
59
59
|
]
|
60
60
|
|
61
61
|
ENV_DEFINITION = [
|
62
62
|
#[DataType, Field Name]
|
63
63
|
#[DataType::String, 'request type' : "env"],
|
64
|
-
[DataType::String, 'variable name'],
|
65
|
-
[DataType::String, 'variable value'],
|
64
|
+
[DataType::String, :'variable name'],
|
65
|
+
[DataType::String, :'variable value'],
|
66
66
|
]
|
67
67
|
|
68
68
|
SHELL_DEFINITION = [
|
69
69
|
#[DataType, Field Name]
|
70
|
-
#[DataType::String, 'request type' : "shell"],
|
70
|
+
#[DataType::String, :'request type' : "shell"],
|
71
71
|
]
|
72
72
|
|
73
73
|
EXEC_DEFINITION = [
|
74
74
|
#[DataType, Field Name]
|
75
|
-
#[DataType::String, 'request type' : "exec"],
|
76
|
-
[DataType::String, 'command'],
|
75
|
+
#[DataType::String, :'request type' : "exec"],
|
76
|
+
[DataType::String, :'command'],
|
77
77
|
]
|
78
78
|
|
79
79
|
SUBSYSTEM_DEFINITION = [
|
80
80
|
#[DataType, Field Name]
|
81
|
-
#[DataType::String, 'request type' : "subsystem"],
|
82
|
-
[DataType::String, 'subsystem name'],
|
81
|
+
#[DataType::String, :'request type' : "subsystem"],
|
82
|
+
[DataType::String, :'subsystem name'],
|
83
83
|
]
|
84
84
|
|
85
85
|
WINDOW_CHANGE_DEFINITION = [
|
86
86
|
#[DataType, Field Name]
|
87
|
-
#[DataType::String, 'request type' : "window-change"],
|
88
|
-
[DataType::Uint32, 'terminal width, columns'],
|
89
|
-
[DataType::Uint32, 'terminal height, rows'],
|
90
|
-
[DataType::Uint32, 'terminal width, pixels'],
|
91
|
-
[DataType::Uint32, 'terminal height, pixels'],
|
87
|
+
#[DataType::String, :'request type' : "window-change"],
|
88
|
+
[DataType::Uint32, :'terminal width, columns'],
|
89
|
+
[DataType::Uint32, :'terminal height, rows'],
|
90
|
+
[DataType::Uint32, :'terminal width, pixels'],
|
91
|
+
[DataType::Uint32, :'terminal height, pixels'],
|
92
92
|
]
|
93
93
|
|
94
94
|
XON_XOFF_DEFINITION = [
|
95
95
|
#[DataType, Field Name]
|
96
|
-
#[DataType::String, 'request type' : "xon-xoff"],
|
97
|
-
[DataType::Boolean, 'client can do'],
|
96
|
+
#[DataType::String, :'request type' : "xon-xoff"],
|
97
|
+
[DataType::Boolean, :'client can do'],
|
98
98
|
]
|
99
99
|
|
100
100
|
SIGNAL_DEFINITION = [
|
101
101
|
#[DataType, Field Name]
|
102
|
-
#[DataType::String, 'request type' : "signal"],
|
103
|
-
[DataType::String, 'signal name'],
|
102
|
+
#[DataType::String, :'request type' : "signal"],
|
103
|
+
[DataType::String, :'signal name'],
|
104
104
|
]
|
105
105
|
|
106
106
|
EXIT_STATUS_DEFINITION = [
|
107
107
|
#[DataType, Field Name]
|
108
|
-
#[DataType::String, 'request type' : "exit-status"],
|
109
|
-
[DataType::Uint32, 'exit status'],
|
108
|
+
#[DataType::String, :'request type' : "exit-status"],
|
109
|
+
[DataType::Uint32, :'exit status'],
|
110
110
|
]
|
111
111
|
|
112
112
|
EXIT_SIGNAL_DEFINITION = [
|
113
113
|
#[DataType, Field Name]
|
114
|
-
#[DataType::String, 'request type' : "exit-signal"],
|
115
|
-
[DataType::String, 'signal name'],
|
116
|
-
[DataType::Boolean, 'core dumped'],
|
117
|
-
[DataType::String, 'error message'],
|
118
|
-
[DataType::String, 'language tag'],
|
114
|
+
#[DataType::String, :'request type' : "exit-signal"],
|
115
|
+
[DataType::String, :'signal name'],
|
116
|
+
[DataType::Boolean, :'core dumped'],
|
117
|
+
[DataType::String, :'error message'],
|
118
|
+
[DataType::String, :'language tag'],
|
119
119
|
]
|
120
120
|
|
121
121
|
CONDITIONAL_DEFINITION = {
|
122
122
|
# Field Name => {Field Value => Conditional Definition}
|
123
|
-
'request type' => {
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
123
|
+
:'request type' => {
|
124
|
+
"pty-req" => PTY_REQ_DEFINITION,
|
125
|
+
"x11-req" => X11_REQ_DEFINITION,
|
126
|
+
"env" => ENV_DEFINITION,
|
127
|
+
"shell" => SHELL_DEFINITION,
|
128
|
+
"exec" => EXEC_DEFINITION,
|
129
|
+
"subsystem" => SUBSYSTEM_DEFINITION,
|
130
|
+
"window-change" => WINDOW_CHANGE_DEFINITION,
|
131
|
+
"xon-xoff" => XON_XOFF_DEFINITION,
|
132
|
+
"signal" => SIGNAL_DEFINITION,
|
133
|
+
"exit-status" => EXIT_STATUS_DEFINITION,
|
134
|
+
"exit-signal" => EXIT_SIGNAL_DEFINITION,
|
135
135
|
},
|
136
136
|
}
|
137
137
|
end
|
data/lib/hrr_rb_ssh/message.rb
CHANGED
@@ -16,6 +16,8 @@ require 'hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group'
|
|
16
16
|
require 'hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init'
|
17
17
|
require 'hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply'
|
18
18
|
require 'hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request'
|
19
|
+
require 'hrr_rb_ssh/message/030_ssh_msg_kexecdh_init'
|
20
|
+
require 'hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply'
|
19
21
|
require 'hrr_rb_ssh/message/050_ssh_msg_userauth_request'
|
20
22
|
require 'hrr_rb_ssh/message/051_ssh_msg_userauth_failure'
|
21
23
|
require 'hrr_rb_ssh/message/052_ssh_msg_userauth_success'
|
@@ -13,14 +13,14 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'V_C'],
|
17
|
-
[DataType::String, 'V_S'],
|
18
|
-
[DataType::String, 'I_C'],
|
19
|
-
[DataType::String, 'I_S'],
|
20
|
-
[DataType::String, 'K_S'],
|
21
|
-
[DataType::Mpint, 'e'],
|
22
|
-
[DataType::Mpint, 'f'],
|
23
|
-
[DataType::Mpint, 'k'],
|
16
|
+
[DataType::String, :'V_C'],
|
17
|
+
[DataType::String, :'V_S'],
|
18
|
+
[DataType::String, :'I_C'],
|
19
|
+
[DataType::String, :'I_S'],
|
20
|
+
[DataType::String, :'K_S'],
|
21
|
+
[DataType::Mpint, :'e'],
|
22
|
+
[DataType::Mpint, :'f'],
|
23
|
+
[DataType::Mpint, :'k'],
|
24
24
|
]
|
25
25
|
end
|
26
26
|
end
|
@@ -49,14 +49,14 @@ module HrrRbSsh
|
|
49
49
|
f = pub_key
|
50
50
|
|
51
51
|
h0_payload = {
|
52
|
-
'V_C' => transport.v_c,
|
53
|
-
'V_S' => transport.v_s,
|
54
|
-
'I_C' => transport.i_c,
|
55
|
-
'I_S' => transport.i_s,
|
56
|
-
'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
57
|
-
'e' => e,
|
58
|
-
'f' => f,
|
59
|
-
'k' => k,
|
52
|
+
:'V_C' => transport.v_c,
|
53
|
+
:'V_S' => transport.v_s,
|
54
|
+
:'I_C' => transport.i_c,
|
55
|
+
:'I_S' => transport.i_s,
|
56
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
57
|
+
:'e' => e,
|
58
|
+
:'f' => f,
|
59
|
+
:'k' => k,
|
60
60
|
}
|
61
61
|
h0 = H0.encode h0_payload
|
62
62
|
|
@@ -117,15 +117,15 @@ module HrrRbSsh
|
|
117
117
|
|
118
118
|
def receive_kexdh_init payload
|
119
119
|
message = HrrRbSsh::Message::SSH_MSG_KEXDH_INIT.decode payload
|
120
|
-
set_e message['e']
|
120
|
+
set_e message[:'e']
|
121
121
|
end
|
122
122
|
|
123
123
|
def send_kexdh_reply transport
|
124
124
|
message = {
|
125
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEXDH_REPLY::VALUE,
|
126
|
-
'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
127
|
-
'f' => pub_key,
|
128
|
-
'signature of H' => sign(transport),
|
125
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEXDH_REPLY::VALUE,
|
126
|
+
:'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
127
|
+
:'f' => pub_key,
|
128
|
+
:'signature of H' => sign(transport),
|
129
129
|
}
|
130
130
|
payload = HrrRbSsh::Message::SSH_MSG_KEXDH_REPLY.encode message
|
131
131
|
transport.send payload
|
@@ -13,19 +13,19 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'V_C'],
|
17
|
-
[DataType::String, 'V_S'],
|
18
|
-
[DataType::String, 'I_C'],
|
19
|
-
[DataType::String, 'I_S'],
|
20
|
-
[DataType::String, 'K_S'],
|
21
|
-
[DataType::Uint32, 'min'],
|
22
|
-
[DataType::Uint32, 'n'],
|
23
|
-
[DataType::Uint32, 'max'],
|
24
|
-
[DataType::Mpint, 'p'],
|
25
|
-
[DataType::Mpint, 'g'],
|
26
|
-
[DataType::Mpint, 'e'],
|
27
|
-
[DataType::Mpint, 'f'],
|
28
|
-
[DataType::Mpint, 'k'],
|
16
|
+
[DataType::String, :'V_C'],
|
17
|
+
[DataType::String, :'V_S'],
|
18
|
+
[DataType::String, :'I_C'],
|
19
|
+
[DataType::String, :'I_S'],
|
20
|
+
[DataType::String, :'K_S'],
|
21
|
+
[DataType::Uint32, :'min'],
|
22
|
+
[DataType::Uint32, :'n'],
|
23
|
+
[DataType::Uint32, :'max'],
|
24
|
+
[DataType::Mpint, :'p'],
|
25
|
+
[DataType::Mpint, :'g'],
|
26
|
+
[DataType::Mpint, :'e'],
|
27
|
+
[DataType::Mpint, :'f'],
|
28
|
+
[DataType::Mpint, :'k'],
|
29
29
|
]
|
30
30
|
end
|
31
31
|
end
|
@@ -60,19 +60,19 @@ module HrrRbSsh
|
|
60
60
|
f = pub_key
|
61
61
|
|
62
62
|
h0_payload = {
|
63
|
-
'V_C' => transport.v_c,
|
64
|
-
'V_S' => transport.v_s,
|
65
|
-
'I_C' => transport.i_c,
|
66
|
-
'I_S' => transport.i_s,
|
67
|
-
'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
68
|
-
'min' => @min,
|
69
|
-
'n' => @n,
|
70
|
-
'max' => @max,
|
71
|
-
'p' => @dh.p.to_i,
|
72
|
-
'g' => @dh.g.to_i,
|
73
|
-
'e' => e,
|
74
|
-
'f' => f,
|
75
|
-
'k' => k,
|
63
|
+
:'V_C' => transport.v_c,
|
64
|
+
:'V_S' => transport.v_s,
|
65
|
+
:'I_C' => transport.i_c,
|
66
|
+
:'I_S' => transport.i_s,
|
67
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
68
|
+
:'min' => @min,
|
69
|
+
:'n' => @n,
|
70
|
+
:'max' => @max,
|
71
|
+
:'p' => @dh.p.to_i,
|
72
|
+
:'g' => @dh.g.to_i,
|
73
|
+
:'e' => e,
|
74
|
+
:'f' => f,
|
75
|
+
:'k' => k,
|
76
76
|
}
|
77
77
|
h0 = H0.encode h0_payload
|
78
78
|
|
@@ -132,16 +132,16 @@ module HrrRbSsh
|
|
132
132
|
|
133
133
|
def receive_kex_dh_gex_request payload
|
134
134
|
message = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REQUEST.decode payload
|
135
|
-
@min = message['min']
|
136
|
-
@n = message['n']
|
137
|
-
@max = message['max']
|
135
|
+
@min = message[:'min']
|
136
|
+
@n = message[:'n']
|
137
|
+
@max = message[:'max']
|
138
138
|
end
|
139
139
|
|
140
140
|
def send_kex_dh_gex_group transport
|
141
141
|
message = {
|
142
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_GROUP::VALUE,
|
143
|
-
'p' => @dh.p.to_i,
|
144
|
-
'g' => @dh.g.to_i,
|
142
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_GROUP::VALUE,
|
143
|
+
:'p' => @dh.p.to_i,
|
144
|
+
:'g' => @dh.g.to_i,
|
145
145
|
}
|
146
146
|
payload = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_GROUP.encode message
|
147
147
|
transport.send payload
|
@@ -149,15 +149,15 @@ module HrrRbSsh
|
|
149
149
|
|
150
150
|
def receive_kex_dh_gex_init payload
|
151
151
|
message = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_INIT.decode payload
|
152
|
-
set_e message['e']
|
152
|
+
set_e message[:'e']
|
153
153
|
end
|
154
154
|
|
155
155
|
def send_kex_dh_gex_reply transport
|
156
156
|
message = {
|
157
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REPLY::VALUE,
|
158
|
-
'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
159
|
-
'f' => pub_key,
|
160
|
-
'signature of H' => sign(transport),
|
157
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REPLY::VALUE,
|
158
|
+
:'server public host key and certificates (K_S)' => transport.server_host_key_algorithm.server_public_host_key,
|
159
|
+
:'f' => pub_key,
|
160
|
+
:'signature of H' => sign(transport),
|
161
161
|
}
|
162
162
|
payload = HrrRbSsh::Message::SSH_MSG_KEX_DH_GEX_REPLY.encode message
|
163
163
|
transport.send payload
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class KexAlgorithm
|
10
|
+
module EllipticCurveDiffieHellman
|
11
|
+
module H0
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'V_C'],
|
17
|
+
[DataType::String, :'V_S'],
|
18
|
+
[DataType::String, :'I_C'],
|
19
|
+
[DataType::String, :'I_S'],
|
20
|
+
[DataType::String, :'K_S'],
|
21
|
+
[DataType::Mpint, :'Q_C'],
|
22
|
+
[DataType::Mpint, :'Q_S'],
|
23
|
+
[DataType::Mpint, :'K'],
|
24
|
+
]
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,132 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'openssl'
|
5
|
+
require 'hrr_rb_ssh/logger'
|
6
|
+
require 'hrr_rb_ssh/data_type'
|
7
|
+
|
8
|
+
module HrrRbSsh
|
9
|
+
class Transport
|
10
|
+
class KexAlgorithm
|
11
|
+
module EllipticCurveDiffieHellman
|
12
|
+
def initialize
|
13
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
14
|
+
@dh = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
15
|
+
@dh.generate_key
|
16
|
+
end
|
17
|
+
|
18
|
+
def start transport, mode
|
19
|
+
case mode
|
20
|
+
when HrrRbSsh::Transport::Mode::SERVER
|
21
|
+
receive_kexecdh_init transport.receive
|
22
|
+
send_kexecdh_reply transport
|
23
|
+
else
|
24
|
+
raise "unsupported mode"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def set_q_c q_c
|
29
|
+
@q_c = q_c
|
30
|
+
end
|
31
|
+
|
32
|
+
def shared_secret
|
33
|
+
k = OpenSSL::BN.new(@dh.dh_compute_key(OpenSSL::PKey::EC::Point.new(OpenSSL::PKey::EC.new(self.class::CURVE_NAME).group, OpenSSL::BN.new(@q_c))), 2).to_i
|
34
|
+
end
|
35
|
+
|
36
|
+
def public_key
|
37
|
+
f = @dh.public_key.to_bn.to_i
|
38
|
+
end
|
39
|
+
|
40
|
+
def hash transport
|
41
|
+
q_c = @q_c
|
42
|
+
q_s = public_key
|
43
|
+
k = shared_secret
|
44
|
+
|
45
|
+
h0_payload = {
|
46
|
+
:'V_C' => transport.v_c,
|
47
|
+
:'V_S' => transport.v_s,
|
48
|
+
:'I_C' => transport.i_c,
|
49
|
+
:'I_S' => transport.i_s,
|
50
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
51
|
+
:'Q_C' => q_c,
|
52
|
+
:'Q_S' => q_s,
|
53
|
+
:'K' => k,
|
54
|
+
}
|
55
|
+
h0 = H0.encode h0_payload
|
56
|
+
|
57
|
+
h = OpenSSL::Digest.digest self.class::DIGEST, h0
|
58
|
+
|
59
|
+
h
|
60
|
+
end
|
61
|
+
|
62
|
+
def sign transport
|
63
|
+
h = hash transport
|
64
|
+
s = transport.server_host_key_algorithm.sign h
|
65
|
+
|
66
|
+
s
|
67
|
+
end
|
68
|
+
|
69
|
+
def build_key(_k, h, _x, session_id, key_length)
|
70
|
+
k = DataType::Mpint.encode _k
|
71
|
+
x = DataType::Byte.encode _x
|
72
|
+
|
73
|
+
key = OpenSSL::Digest.digest(self.class::DIGEST, k + h + x + session_id)
|
74
|
+
|
75
|
+
while key.length < key_length
|
76
|
+
key = key + OpenSSL::Digest.digest(self.class::DIGEST, k + h + key )
|
77
|
+
end
|
78
|
+
|
79
|
+
key[0, key_length]
|
80
|
+
end
|
81
|
+
|
82
|
+
def iv_c_to_s transport, encryption_algorithm_c_to_s_name
|
83
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::IV_LENGTH
|
84
|
+
build_key(shared_secret, hash(transport), 'A'.ord, transport.session_id, key_length)
|
85
|
+
end
|
86
|
+
|
87
|
+
def iv_s_to_c transport, encryption_algorithm_s_to_c_name
|
88
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::IV_LENGTH
|
89
|
+
build_key(shared_secret, hash(transport), 'B'.ord, transport.session_id, key_length)
|
90
|
+
end
|
91
|
+
|
92
|
+
def key_c_to_s transport, encryption_algorithm_c_to_s_name
|
93
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_c_to_s_name]::KEY_LENGTH
|
94
|
+
build_key(shared_secret, hash(transport), 'C'.ord, transport.session_id, key_length)
|
95
|
+
end
|
96
|
+
|
97
|
+
def key_s_to_c transport, encryption_algorithm_s_to_c_name
|
98
|
+
key_length = HrrRbSsh::Transport::EncryptionAlgorithm[encryption_algorithm_s_to_c_name]::KEY_LENGTH
|
99
|
+
build_key(shared_secret, hash(transport), 'D'.ord, transport.session_id, key_length)
|
100
|
+
end
|
101
|
+
|
102
|
+
def mac_c_to_s transport, mac_algorithm_c_to_s_name
|
103
|
+
key_length = HrrRbSsh::Transport::MacAlgorithm[mac_algorithm_c_to_s_name]::KEY_LENGTH
|
104
|
+
build_key(shared_secret, hash(transport), 'E'.ord, transport.session_id, key_length)
|
105
|
+
end
|
106
|
+
|
107
|
+
def mac_s_to_c transport, mac_algorithm_s_to_c_name
|
108
|
+
key_length = HrrRbSsh::Transport::MacAlgorithm[mac_algorithm_s_to_c_name]::KEY_LENGTH
|
109
|
+
build_key(shared_secret, hash(transport), 'F'.ord, transport.session_id, key_length)
|
110
|
+
end
|
111
|
+
|
112
|
+
def receive_kexecdh_init payload
|
113
|
+
message = HrrRbSsh::Message::SSH_MSG_KEXECDH_INIT.decode payload
|
114
|
+
set_q_c message[:'Q_C']
|
115
|
+
end
|
116
|
+
|
117
|
+
def send_kexecdh_reply transport
|
118
|
+
message = {
|
119
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEXECDH_REPLY::VALUE,
|
120
|
+
:'K_S' => transport.server_host_key_algorithm.server_public_host_key,
|
121
|
+
:'Q_S' => public_key,
|
122
|
+
:'signature of H' => sign(transport),
|
123
|
+
}
|
124
|
+
payload = HrrRbSsh::Message::SSH_MSG_KEXECDH_REPLY.encode message
|
125
|
+
transport.send payload
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0'
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class KexAlgorithm
|
9
|
+
class EllipticCurveDiffieHellmanSha2Nistp256 < KexAlgorithm
|
10
|
+
NAME = 'ecdh-sha2-nistp256'
|
11
|
+
PREFERENCE = 100
|
12
|
+
DIGEST = 'sha256'
|
13
|
+
CURVE_NAME = 'prime256v1'
|
14
|
+
include EllipticCurveDiffieHellman
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class KexAlgorithm
|
9
|
+
class EllipticCurveDiffieHellmanSha2Nistp384 < KexAlgorithm
|
10
|
+
NAME = 'ecdh-sha2-nistp384'
|
11
|
+
PREFERENCE = 110
|
12
|
+
DIGEST = 'sha384'
|
13
|
+
CURVE_NAME = 'secp384r1'
|
14
|
+
include EllipticCurveDiffieHellman
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class KexAlgorithm
|
9
|
+
class EllipticCurveDiffieHellmanSha2Nistp521 < KexAlgorithm
|
10
|
+
NAME = 'ecdh-sha2-nistp521'
|
11
|
+
PREFERENCE = 120
|
12
|
+
DIGEST = 'sha512'
|
13
|
+
CURVE_NAME = 'secp521r1'
|
14
|
+
include EllipticCurveDiffieHellman
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -23,3 +23,6 @@ require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group15_sha512'
|
|
23
23
|
require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group16_sha512'
|
24
24
|
require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group17_sha512'
|
25
25
|
require 'hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group18_sha512'
|
26
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256'
|
27
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384'
|
28
|
+
require 'hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521'
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp256
|
11
|
+
module EcdsaSignatureBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::Mpint, :'r'],
|
17
|
+
[DataType::Mpint, :'s'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp256
|
11
|
+
module PublicKeyBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'[identifier]'],
|
18
|
+
[DataType::String, :'Q'],
|
19
|
+
]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|