hrr_rb_ssh 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/demo/server.rb +10 -2
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +24 -24
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +19 -19
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +7 -7
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +7 -7
- data/lib/hrr_rb_ssh/authentication.rb +6 -6
- data/lib/hrr_rb_ssh/codable.rb +7 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +102 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +26 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +29 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +2 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +6 -6
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +4 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +42 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type.rb +1 -0
- data/lib/hrr_rb_ssh/connection/channel.rb +50 -63
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +29 -9
- data/lib/hrr_rb_ssh/connection.rb +22 -27
- data/lib/hrr_rb_ssh/message/001_ssh_msg_disconnect.rb +4 -4
- data/lib/hrr_rb_ssh/message/002_ssh_msg_ignore.rb +2 -2
- data/lib/hrr_rb_ssh/message/003_ssh_msg_unimplemented.rb +2 -2
- data/lib/hrr_rb_ssh/message/004_ssh_msg_debug.rb +4 -4
- data/lib/hrr_rb_ssh/message/005_ssh_msg_service_request.rb +2 -2
- data/lib/hrr_rb_ssh/message/006_ssh_msg_service_accept.rb +2 -2
- data/lib/hrr_rb_ssh/message/020_ssh_msg_kexinit.rb +29 -29
- data/lib/hrr_rb_ssh/message/021_ssh_msg_newkeys.rb +1 -1
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kex_dh_gex_request_old.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexdh_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexecdh_init.rb +24 -0
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group.rb +3 -3
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexdh_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply.rb +26 -0
- data/lib/hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request.rb +4 -4
- data/lib/hrr_rb_ssh/message/050_ssh_msg_userauth_request.rb +17 -17
- data/lib/hrr_rb_ssh/message/051_ssh_msg_userauth_failure.rb +3 -3
- data/lib/hrr_rb_ssh/message/052_ssh_msg_userauth_success.rb +1 -1
- data/lib/hrr_rb_ssh/message/060_ssh_msg_userauth_pk_ok.rb +3 -3
- data/lib/hrr_rb_ssh/message/080_ssh_msg_global_request.rb +12 -12
- data/lib/hrr_rb_ssh/message/081_ssh_msg_request_success.rb +5 -5
- data/lib/hrr_rb_ssh/message/082_ssh_msg_request_failure.rb +1 -1
- data/lib/hrr_rb_ssh/message/090_ssh_msg_channel_open.rb +24 -24
- data/lib/hrr_rb_ssh/message/091_ssh_msg_channel_open_confirmation.rb +14 -24
- data/lib/hrr_rb_ssh/message/092_ssh_msg_channel_open_failure.rb +5 -5
- data/lib/hrr_rb_ssh/message/093_ssh_msg_channel_window_adjust.rb +3 -3
- data/lib/hrr_rb_ssh/message/094_ssh_msg_channel_data.rb +3 -3
- data/lib/hrr_rb_ssh/message/095_ssh_msg_channel_extended_data.rb +4 -4
- data/lib/hrr_rb_ssh/message/096_ssh_msg_channel_eof.rb +2 -2
- data/lib/hrr_rb_ssh/message/097_ssh_msg_channel_close.rb +2 -2
- data/lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb +51 -51
- data/lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb +2 -2
- data/lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb +2 -2
- data/lib/hrr_rb_ssh/message.rb +2 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman/h0.rb +8 -8
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +24 -24
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0.rb +29 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +132 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +79 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +80 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +81 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +9 -9
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +6 -6
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport.rb +30 -30
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +39 -4
- data/lib/hrr_rb_ssh/connection/channel/proc_chain/chain_context.rb +0 -22
- data/lib/hrr_rb_ssh/connection/channel/proc_chain.rb +0 -25
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp256
|
11
|
+
module Signature
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'ecdsa_signature_blob'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,79 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
class EcdsaSha2Nistp256 < ServerHostKeyAlgorithm
|
10
|
+
NAME = 'ecdsa-sha2-nistp256'
|
11
|
+
PREFERENCE = 30
|
12
|
+
DIGEST = 'sha256'
|
13
|
+
IDENTIFIER = 'nistp256'
|
14
|
+
SECRET_KEY = <<-EOB
|
15
|
+
-----BEGIN EC PRIVATE KEY-----
|
16
|
+
MHcCAQEEIB+8vCekxXfgw+Nz10ZykUGaI+X6ftdGG6b2UX2iz7oEoAoGCCqGSM49
|
17
|
+
AwEHoUQDQgAEt1em9ko6A2kZFFwVtKgQ0xpggZg17EJQmhFz7ObGNsZ8VIFEc0Hg
|
18
|
+
SpNC6qrqdhUfVAjsF9y5O/3Z/LGh/lNTig==
|
19
|
+
-----END EC PRIVATE KEY-----
|
20
|
+
EOB
|
21
|
+
|
22
|
+
def initialize
|
23
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
24
|
+
@algorithm = OpenSSL::PKey::EC.new SECRET_KEY
|
25
|
+
end
|
26
|
+
|
27
|
+
def server_public_host_key
|
28
|
+
payload = {
|
29
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
30
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
31
|
+
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
32
|
+
}
|
33
|
+
PublicKeyBlob.encode payload
|
34
|
+
end
|
35
|
+
|
36
|
+
def ecdsa_signature_blob data
|
37
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
38
|
+
sign_der = @algorithm.dsa_sign_asn1(hash)
|
39
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
40
|
+
r = sign_asn1.value[0].value.to_i
|
41
|
+
s = sign_asn1.value[1].value.to_i
|
42
|
+
payload = {
|
43
|
+
:'r' => r,
|
44
|
+
:'s' => s,
|
45
|
+
}
|
46
|
+
EcdsaSignatureBlob.encode payload
|
47
|
+
end
|
48
|
+
|
49
|
+
def sign data
|
50
|
+
payload = {
|
51
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
52
|
+
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
53
|
+
}
|
54
|
+
Signature.encode payload
|
55
|
+
end
|
56
|
+
|
57
|
+
def verify sign, data
|
58
|
+
payload = Signature.decode sign
|
59
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
60
|
+
r = ecdsa_signature_blob[:'r']
|
61
|
+
s = ecdsa_signature_blob[:'s']
|
62
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
63
|
+
[
|
64
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
65
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
66
|
+
]
|
67
|
+
)
|
68
|
+
sign_der = sign_asn1.to_der
|
69
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
70
|
+
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob'
|
78
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
|
79
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature'
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp384
|
11
|
+
module EcdsaSignatureBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::Mpint, :'r'],
|
17
|
+
[DataType::Mpint, :'s'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp384
|
11
|
+
module PublicKeyBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'[identifier]'],
|
18
|
+
[DataType::String, :'Q'],
|
19
|
+
]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp384
|
11
|
+
module Signature
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'ecdsa_signature_blob'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
class EcdsaSha2Nistp384 < ServerHostKeyAlgorithm
|
10
|
+
NAME = 'ecdsa-sha2-nistp384'
|
11
|
+
PREFERENCE = 40
|
12
|
+
DIGEST = 'sha384'
|
13
|
+
IDENTIFIER = 'nistp384'
|
14
|
+
SECRET_KEY = <<-EOB
|
15
|
+
-----BEGIN EC PRIVATE KEY-----
|
16
|
+
MIGkAgEBBDCKZ6ulBka9rUw+gqKiQdVBG6fzH1klswyMrxrzCcfwRfoc5CGnj8e7
|
17
|
+
emk+IHyUsd6gBwYFK4EEACKhZANiAATnWMWRgfp3DFiBmdT7LunyBk9YIBYqPsrk
|
18
|
+
Zil+AWvlISusiW2JcZVB+Hz79tyrgzfwp6n6k9r5s31EIGTGf/n7UMwISrUCfcx+
|
19
|
+
xVrnYV8pOoy+dcUiGb9okf1jc41bLHc=
|
20
|
+
-----END EC PRIVATE KEY-----
|
21
|
+
EOB
|
22
|
+
|
23
|
+
def initialize
|
24
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
25
|
+
@algorithm = OpenSSL::PKey::EC.new SECRET_KEY
|
26
|
+
end
|
27
|
+
|
28
|
+
def server_public_host_key
|
29
|
+
payload = {
|
30
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
31
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
32
|
+
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
33
|
+
}
|
34
|
+
PublicKeyBlob.encode payload
|
35
|
+
end
|
36
|
+
|
37
|
+
def ecdsa_signature_blob data
|
38
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
39
|
+
sign_der = @algorithm.dsa_sign_asn1(hash)
|
40
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
41
|
+
r = sign_asn1.value[0].value.to_i
|
42
|
+
s = sign_asn1.value[1].value.to_i
|
43
|
+
payload = {
|
44
|
+
:'r' => r,
|
45
|
+
:'s' => s,
|
46
|
+
}
|
47
|
+
EcdsaSignatureBlob.encode payload
|
48
|
+
end
|
49
|
+
|
50
|
+
def sign data
|
51
|
+
payload = {
|
52
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
53
|
+
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
54
|
+
}
|
55
|
+
Signature.encode payload
|
56
|
+
end
|
57
|
+
|
58
|
+
def verify sign, data
|
59
|
+
payload = Signature.decode sign
|
60
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
61
|
+
r = ecdsa_signature_blob[:'r']
|
62
|
+
s = ecdsa_signature_blob[:'s']
|
63
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
64
|
+
[
|
65
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
66
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
67
|
+
]
|
68
|
+
)
|
69
|
+
sign_der = sign_asn1.to_der
|
70
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
71
|
+
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob'
|
79
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
|
80
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature'
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp521
|
11
|
+
module EcdsaSignatureBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::Mpint, :'r'],
|
17
|
+
[DataType::Mpint, :'s'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp521
|
11
|
+
module PublicKeyBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'[identifier]'],
|
18
|
+
[DataType::String, :'Q'],
|
19
|
+
]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp521
|
11
|
+
module Signature
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'ecdsa_signature_blob'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,81 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
class EcdsaSha2Nistp521 < ServerHostKeyAlgorithm
|
10
|
+
NAME = 'ecdsa-sha2-nistp521'
|
11
|
+
PREFERENCE = 50
|
12
|
+
DIGEST = 'sha512'
|
13
|
+
IDENTIFIER = 'nistp521'
|
14
|
+
SECRET_KEY = <<-EOB
|
15
|
+
-----BEGIN EC PRIVATE KEY-----
|
16
|
+
MIHcAgEBBEIByLZ82qYoJid43PwFAdhr3mSH7SalBTdrK8H6h4p3RKEisAsVhmVb
|
17
|
+
Sx+uGtgKVxxZT5s9tjr7W7Aqc6We5Fg9z7igBwYFK4EEACOhgYkDgYYABAFLHJ3H
|
18
|
+
6HBJyJFsN2PRsjJyRMfYE57BB8dmZgwTsHuSAXBkj+2g4ucwtF240zAWw6JOYdqE
|
19
|
+
V5O4BMNxGfYj+0ceKABJ4MgfUXQ3a1cXn8Dk2Q2uibbfVi7tQ7ET4k/A6B9f/Zwq
|
20
|
+
/zEM5OVWhfyc+vuEg+TfTtTqgVI2zJpLI7+mSjB/5Q==
|
21
|
+
-----END EC PRIVATE KEY-----
|
22
|
+
EOB
|
23
|
+
|
24
|
+
def initialize
|
25
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
26
|
+
@algorithm = OpenSSL::PKey::EC.new SECRET_KEY
|
27
|
+
end
|
28
|
+
|
29
|
+
def server_public_host_key
|
30
|
+
payload = {
|
31
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
32
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
33
|
+
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
34
|
+
}
|
35
|
+
PublicKeyBlob.encode payload
|
36
|
+
end
|
37
|
+
|
38
|
+
def ecdsa_signature_blob data
|
39
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
40
|
+
sign_der = @algorithm.dsa_sign_asn1(hash)
|
41
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
42
|
+
r = sign_asn1.value[0].value.to_i
|
43
|
+
s = sign_asn1.value[1].value.to_i
|
44
|
+
payload = {
|
45
|
+
:'r' => r,
|
46
|
+
:'s' => s,
|
47
|
+
}
|
48
|
+
EcdsaSignatureBlob.encode payload
|
49
|
+
end
|
50
|
+
|
51
|
+
def sign data
|
52
|
+
payload = {
|
53
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
54
|
+
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
55
|
+
}
|
56
|
+
Signature.encode payload
|
57
|
+
end
|
58
|
+
|
59
|
+
def verify sign, data
|
60
|
+
payload = Signature.decode sign
|
61
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
62
|
+
r = ecdsa_signature_blob[:'r']
|
63
|
+
s = ecdsa_signature_blob[:'s']
|
64
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
65
|
+
[
|
66
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
67
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
68
|
+
]
|
69
|
+
)
|
70
|
+
sign_der = sign_asn1.to_der
|
71
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
72
|
+
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob'
|
80
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'
|
81
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature'
|
@@ -13,11 +13,11 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'ssh-dss'],
|
17
|
-
[DataType::Mpint, 'p'],
|
18
|
-
[DataType::Mpint, 'q'],
|
19
|
-
[DataType::Mpint, 'g'],
|
20
|
-
[DataType::Mpint, 'y'],
|
16
|
+
[DataType::String, :'ssh-dss'],
|
17
|
+
[DataType::Mpint, :'p'],
|
18
|
+
[DataType::Mpint, :'q'],
|
19
|
+
[DataType::Mpint, :'g'],
|
20
|
+
[DataType::Mpint, :'y'],
|
21
21
|
]
|
22
22
|
end
|
23
23
|
end
|
@@ -33,11 +33,11 @@ MRl/p42OrQzL/chRPvRf
|
|
33
33
|
|
34
34
|
def server_public_host_key
|
35
35
|
payload = {
|
36
|
-
'ssh-dss' =>
|
37
|
-
'p' => @dss.p.to_i,
|
38
|
-
'q' => @dss.q.to_i,
|
39
|
-
'g' => @dss.g.to_i,
|
40
|
-
'y' => @dss.pub_key.to_i,
|
36
|
+
:'ssh-dss' => "ssh-dss",
|
37
|
+
:'p' => @dss.p.to_i,
|
38
|
+
:'q' => @dss.q.to_i,
|
39
|
+
:'g' => @dss.g.to_i,
|
40
|
+
:'y' => @dss.pub_key.to_i,
|
41
41
|
}
|
42
42
|
PublicKeyBlob.encode payload
|
43
43
|
end
|
@@ -49,15 +49,15 @@ MRl/p42OrQzL/chRPvRf
|
|
49
49
|
sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
|
50
50
|
sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
|
51
51
|
payload = {
|
52
|
-
'ssh-dss' =>
|
53
|
-
'dss_signature_blob' => (sign_r + sign_s),
|
52
|
+
:'ssh-dss' => "ssh-dss",
|
53
|
+
:'dss_signature_blob' => (sign_r + sign_s),
|
54
54
|
}
|
55
55
|
Signature.encode payload
|
56
56
|
end
|
57
57
|
|
58
58
|
def verify sign, data
|
59
59
|
payload = Signature.decode sign
|
60
|
-
dss_signature_blob = payload['dss_signature_blob']
|
60
|
+
dss_signature_blob = payload[:'dss_signature_blob']
|
61
61
|
sign_r = dss_signature_blob[ 0, 20]
|
62
62
|
sign_s = dss_signature_blob[20, 20]
|
63
63
|
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
@@ -68,7 +68,7 @@ MRl/p42OrQzL/chRPvRf
|
|
68
68
|
)
|
69
69
|
sign_der = sign_asn1.to_der
|
70
70
|
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
71
|
-
payload['ssh-dss'] ==
|
71
|
+
payload[:'ssh-dss'] == "ssh-dss" && @dss.sysverify(hash, sign_der)
|
72
72
|
end
|
73
73
|
end
|
74
74
|
end
|
@@ -13,9 +13,9 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'ssh-rsa'],
|
17
|
-
[DataType::Mpint, 'e'],
|
18
|
-
[DataType::Mpint, 'n'],
|
16
|
+
[DataType::String, :'ssh-rsa'],
|
17
|
+
[DataType::Mpint, :'e'],
|
18
|
+
[DataType::Mpint, :'n'],
|
19
19
|
]
|
20
20
|
end
|
21
21
|
end
|
@@ -47,24 +47,24 @@ vzTNM3SFzgt3bHkdEtDLc64aoBX+dHOot6u71XLZrshnHPtiZ0C/ZA==
|
|
47
47
|
|
48
48
|
def server_public_host_key
|
49
49
|
payload = {
|
50
|
-
'ssh-rsa' =>
|
51
|
-
'e' => @rsa.e.to_i,
|
52
|
-
'n' => @rsa.n.to_i,
|
50
|
+
:'ssh-rsa' => "ssh-rsa",
|
51
|
+
:'e' => @rsa.e.to_i,
|
52
|
+
:'n' => @rsa.n.to_i,
|
53
53
|
}
|
54
54
|
PublicKeyBlob.encode payload
|
55
55
|
end
|
56
56
|
|
57
57
|
def sign data
|
58
58
|
payload = {
|
59
|
-
'ssh-rsa' =>
|
60
|
-
'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
|
59
|
+
:'ssh-rsa' => "ssh-rsa",
|
60
|
+
:'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
|
61
61
|
}
|
62
62
|
Signature.encode payload
|
63
63
|
end
|
64
64
|
|
65
65
|
def verify sign, data
|
66
66
|
payload = Signature.decode sign
|
67
|
-
payload['ssh-rsa'] ==
|
67
|
+
payload[:'ssh-rsa'] == "ssh-rsa" && @rsa.verify(self.class::DIGEST, payload[:'rsa_signature_blob'], data)
|
68
68
|
end
|
69
69
|
end
|
70
70
|
end
|
@@ -16,3 +16,6 @@ end
|
|
16
16
|
|
17
17
|
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss'
|
18
18
|
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa'
|
19
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256'
|
20
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384'
|
21
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521'
|
data/lib/hrr_rb_ssh/transport.rb
CHANGED
@@ -238,7 +238,7 @@ module HrrRbSsh
|
|
238
238
|
|
239
239
|
def verify_service_request
|
240
240
|
service_request_message = receive_service_request
|
241
|
-
service_name = service_request_message['service name']
|
241
|
+
service_name = service_request_message[:'service name']
|
242
242
|
if @acceptable_services.include? service_name
|
243
243
|
send_service_accept service_name
|
244
244
|
else
|
@@ -333,10 +333,10 @@ module HrrRbSsh
|
|
333
333
|
|
334
334
|
def send_disconnect
|
335
335
|
message = {
|
336
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::VALUE,
|
337
|
-
|
338
|
-
|
339
|
-
|
336
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::VALUE,
|
337
|
+
:'reason code' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::ReasonCode::SSH_DISCONNECT_BY_APPLICATION,
|
338
|
+
:'description' => "disconnected by user",
|
339
|
+
:'language tag' => ""
|
340
340
|
}
|
341
341
|
payload = HrrRbSsh::Message::SSH_MSG_DISCONNECT.encode message
|
342
342
|
send payload
|
@@ -344,20 +344,20 @@ module HrrRbSsh
|
|
344
344
|
|
345
345
|
def send_kexinit
|
346
346
|
message = {
|
347
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEXINIT::VALUE,
|
348
|
-
'cookie (random byte)' => lambda { rand(0x01_00) },
|
349
|
-
'kex_algorithms' => @local_kex_algorithms,
|
350
|
-
'server_host_key_algorithms' => @local_server_host_key_algorithms,
|
351
|
-
'encryption_algorithms_client_to_server' => @local_encryption_algorithms_client_to_server,
|
352
|
-
'encryption_algorithms_server_to_client' => @local_encryption_algorithms_server_to_client,
|
353
|
-
'mac_algorithms_client_to_server' => @local_mac_algorithms_client_to_server,
|
354
|
-
'mac_algorithms_server_to_client' => @local_mac_algorithms_server_to_client,
|
355
|
-
'compression_algorithms_client_to_server' => @local_compression_algorithms_client_to_server,
|
356
|
-
'compression_algorithms_server_to_client' => @local_compression_algorithms_server_to_client,
|
357
|
-
'languages_client_to_server' => [],
|
358
|
-
'languages_server_to_client' => [],
|
359
|
-
'first_kex_packet_follows' => false,
|
360
|
-
'0 (reserved for future extension)' => 0,
|
347
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEXINIT::VALUE,
|
348
|
+
:'cookie (random byte)' => lambda { rand(0x01_00) },
|
349
|
+
:'kex_algorithms' => @local_kex_algorithms,
|
350
|
+
:'server_host_key_algorithms' => @local_server_host_key_algorithms,
|
351
|
+
:'encryption_algorithms_client_to_server' => @local_encryption_algorithms_client_to_server,
|
352
|
+
:'encryption_algorithms_server_to_client' => @local_encryption_algorithms_server_to_client,
|
353
|
+
:'mac_algorithms_client_to_server' => @local_mac_algorithms_client_to_server,
|
354
|
+
:'mac_algorithms_server_to_client' => @local_mac_algorithms_server_to_client,
|
355
|
+
:'compression_algorithms_client_to_server' => @local_compression_algorithms_client_to_server,
|
356
|
+
:'compression_algorithms_server_to_client' => @local_compression_algorithms_server_to_client,
|
357
|
+
:'languages_client_to_server' => [],
|
358
|
+
:'languages_server_to_client' => [],
|
359
|
+
:'first_kex_packet_follows' => false,
|
360
|
+
:'0 (reserved for future extension)' => 0,
|
361
361
|
}
|
362
362
|
payload = HrrRbSsh::Message::SSH_MSG_KEXINIT.encode message
|
363
363
|
send payload
|
@@ -383,7 +383,7 @@ module HrrRbSsh
|
|
383
383
|
|
384
384
|
def send_newkeys
|
385
385
|
message = {
|
386
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_NEWKEYS::VALUE,
|
386
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_NEWKEYS::VALUE,
|
387
387
|
}
|
388
388
|
payload = HrrRbSsh::Message::SSH_MSG_NEWKEYS.encode message
|
389
389
|
send payload
|
@@ -402,22 +402,22 @@ module HrrRbSsh
|
|
402
402
|
|
403
403
|
def send_service_accept service_name
|
404
404
|
message = {
|
405
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT::VALUE,
|
406
|
-
'service name' => service_name,
|
405
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT::VALUE,
|
406
|
+
:'service name' => service_name,
|
407
407
|
}
|
408
408
|
payload = HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT.encode message
|
409
409
|
send payload
|
410
410
|
end
|
411
411
|
|
412
412
|
def update_remote_algorithms message
|
413
|
-
@remote_kex_algorithms = message['kex_algorithms']
|
414
|
-
@remote_server_host_key_algorithms = message['server_host_key_algorithms']
|
415
|
-
@remote_encryption_algorithms_client_to_server = message['encryption_algorithms_client_to_server']
|
416
|
-
@remote_encryption_algorithms_server_to_client = message['encryption_algorithms_server_to_client']
|
417
|
-
@remote_mac_algorithms_client_to_server = message['mac_algorithms_client_to_server']
|
418
|
-
@remote_mac_algorithms_server_to_client = message['mac_algorithms_server_to_client']
|
419
|
-
@remote_compression_algorithms_client_to_server = message['compression_algorithms_client_to_server']
|
420
|
-
@remote_compression_algorithms_server_to_client = message['compression_algorithms_server_to_client']
|
413
|
+
@remote_kex_algorithms = message[:'kex_algorithms']
|
414
|
+
@remote_server_host_key_algorithms = message[:'server_host_key_algorithms']
|
415
|
+
@remote_encryption_algorithms_client_to_server = message[:'encryption_algorithms_client_to_server']
|
416
|
+
@remote_encryption_algorithms_server_to_client = message[:'encryption_algorithms_server_to_client']
|
417
|
+
@remote_mac_algorithms_client_to_server = message[:'mac_algorithms_client_to_server']
|
418
|
+
@remote_mac_algorithms_server_to_client = message[:'mac_algorithms_server_to_client']
|
419
|
+
@remote_compression_algorithms_client_to_server = message[:'compression_algorithms_client_to_server']
|
420
|
+
@remote_compression_algorithms_server_to_client = message[:'compression_algorithms_server_to_client']
|
421
421
|
end
|
422
422
|
|
423
423
|
def update_kex_and_server_host_key_algorithms
|
data/lib/hrr_rb_ssh/version.rb
CHANGED