hrr_rb_ssh 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (115) hide show
  1. checksums.yaml +4 -4
  2. data/demo/server.rb +10 -2
  3. data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
  4. data/lib/hrr_rb_ssh/authentication/method/password.rb +2 -2
  5. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +27 -0
  6. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +28 -0
  7. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +27 -0
  8. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +33 -0
  9. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +84 -0
  10. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +27 -0
  11. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +28 -0
  12. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +27 -0
  13. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +33 -0
  14. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +84 -0
  15. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +27 -0
  16. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +28 -0
  17. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +27 -0
  18. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +33 -0
  19. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +84 -0
  20. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +5 -5
  21. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +2 -2
  22. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +8 -8
  23. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +24 -24
  24. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +3 -3
  25. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +2 -2
  26. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +8 -8
  27. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +19 -19
  28. data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb +3 -0
  29. data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +7 -7
  30. data/lib/hrr_rb_ssh/authentication/method/publickey.rb +7 -7
  31. data/lib/hrr_rb_ssh/authentication.rb +6 -6
  32. data/lib/hrr_rb_ssh/codable.rb +7 -2
  33. data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +102 -0
  34. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +26 -0
  35. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +29 -0
  36. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +2 -2
  37. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
  38. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +6 -6
  39. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
  40. data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +4 -4
  41. data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +42 -0
  42. data/lib/hrr_rb_ssh/connection/channel/channel_type.rb +1 -0
  43. data/lib/hrr_rb_ssh/connection/channel.rb +50 -63
  44. data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +29 -9
  45. data/lib/hrr_rb_ssh/connection.rb +22 -27
  46. data/lib/hrr_rb_ssh/message/001_ssh_msg_disconnect.rb +4 -4
  47. data/lib/hrr_rb_ssh/message/002_ssh_msg_ignore.rb +2 -2
  48. data/lib/hrr_rb_ssh/message/003_ssh_msg_unimplemented.rb +2 -2
  49. data/lib/hrr_rb_ssh/message/004_ssh_msg_debug.rb +4 -4
  50. data/lib/hrr_rb_ssh/message/005_ssh_msg_service_request.rb +2 -2
  51. data/lib/hrr_rb_ssh/message/006_ssh_msg_service_accept.rb +2 -2
  52. data/lib/hrr_rb_ssh/message/020_ssh_msg_kexinit.rb +29 -29
  53. data/lib/hrr_rb_ssh/message/021_ssh_msg_newkeys.rb +1 -1
  54. data/lib/hrr_rb_ssh/message/030_ssh_msg_kex_dh_gex_request_old.rb +2 -2
  55. data/lib/hrr_rb_ssh/message/030_ssh_msg_kexdh_init.rb +2 -2
  56. data/lib/hrr_rb_ssh/message/030_ssh_msg_kexecdh_init.rb +24 -0
  57. data/lib/hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group.rb +3 -3
  58. data/lib/hrr_rb_ssh/message/031_ssh_msg_kexdh_reply.rb +4 -4
  59. data/lib/hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply.rb +26 -0
  60. data/lib/hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init.rb +2 -2
  61. data/lib/hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply.rb +4 -4
  62. data/lib/hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request.rb +4 -4
  63. data/lib/hrr_rb_ssh/message/050_ssh_msg_userauth_request.rb +17 -17
  64. data/lib/hrr_rb_ssh/message/051_ssh_msg_userauth_failure.rb +3 -3
  65. data/lib/hrr_rb_ssh/message/052_ssh_msg_userauth_success.rb +1 -1
  66. data/lib/hrr_rb_ssh/message/060_ssh_msg_userauth_pk_ok.rb +3 -3
  67. data/lib/hrr_rb_ssh/message/080_ssh_msg_global_request.rb +12 -12
  68. data/lib/hrr_rb_ssh/message/081_ssh_msg_request_success.rb +5 -5
  69. data/lib/hrr_rb_ssh/message/082_ssh_msg_request_failure.rb +1 -1
  70. data/lib/hrr_rb_ssh/message/090_ssh_msg_channel_open.rb +24 -24
  71. data/lib/hrr_rb_ssh/message/091_ssh_msg_channel_open_confirmation.rb +14 -24
  72. data/lib/hrr_rb_ssh/message/092_ssh_msg_channel_open_failure.rb +5 -5
  73. data/lib/hrr_rb_ssh/message/093_ssh_msg_channel_window_adjust.rb +3 -3
  74. data/lib/hrr_rb_ssh/message/094_ssh_msg_channel_data.rb +3 -3
  75. data/lib/hrr_rb_ssh/message/095_ssh_msg_channel_extended_data.rb +4 -4
  76. data/lib/hrr_rb_ssh/message/096_ssh_msg_channel_eof.rb +2 -2
  77. data/lib/hrr_rb_ssh/message/097_ssh_msg_channel_close.rb +2 -2
  78. data/lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb +51 -51
  79. data/lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb +2 -2
  80. data/lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb +2 -2
  81. data/lib/hrr_rb_ssh/message.rb +2 -0
  82. data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman/h0.rb +8 -8
  83. data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +13 -13
  84. data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb +13 -13
  85. data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +24 -24
  86. data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0.rb +29 -0
  87. data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +132 -0
  88. data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256.rb +18 -0
  89. data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384.rb +18 -0
  90. data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521.rb +18 -0
  91. data/lib/hrr_rb_ssh/transport/kex_algorithm.rb +3 -0
  92. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +23 -0
  93. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +25 -0
  94. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature.rb +23 -0
  95. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +79 -0
  96. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +23 -0
  97. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +25 -0
  98. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +23 -0
  99. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +80 -0
  100. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +23 -0
  101. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +25 -0
  102. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +23 -0
  103. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +81 -0
  104. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob.rb +5 -5
  105. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature.rb +2 -2
  106. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +9 -9
  107. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob.rb +3 -3
  108. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature.rb +2 -2
  109. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +6 -6
  110. data/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb +3 -0
  111. data/lib/hrr_rb_ssh/transport.rb +30 -30
  112. data/lib/hrr_rb_ssh/version.rb +1 -1
  113. metadata +39 -4
  114. data/lib/hrr_rb_ssh/connection/channel/proc_chain/chain_context.rb +0 -22
  115. data/lib/hrr_rb_ssh/connection/channel/proc_chain.rb +0 -25
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp256
11
+ module Signature
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::String, :'ecdsa-sha2-[identifier]'],
17
+ [DataType::String, :'ecdsa_signature_blob'],
18
+ ]
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,79 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/logger'
5
+
6
+ module HrrRbSsh
7
+ class Transport
8
+ class ServerHostKeyAlgorithm
9
+ class EcdsaSha2Nistp256 < ServerHostKeyAlgorithm
10
+ NAME = 'ecdsa-sha2-nistp256'
11
+ PREFERENCE = 30
12
+ DIGEST = 'sha256'
13
+ IDENTIFIER = 'nistp256'
14
+ SECRET_KEY = <<-EOB
15
+ -----BEGIN EC PRIVATE KEY-----
16
+ MHcCAQEEIB+8vCekxXfgw+Nz10ZykUGaI+X6ftdGG6b2UX2iz7oEoAoGCCqGSM49
17
+ AwEHoUQDQgAEt1em9ko6A2kZFFwVtKgQ0xpggZg17EJQmhFz7ObGNsZ8VIFEc0Hg
18
+ SpNC6qrqdhUfVAjsF9y5O/3Z/LGh/lNTig==
19
+ -----END EC PRIVATE KEY-----
20
+ EOB
21
+
22
+ def initialize
23
+ @logger = HrrRbSsh::Logger.new(self.class.name)
24
+ @algorithm = OpenSSL::PKey::EC.new SECRET_KEY
25
+ end
26
+
27
+ def server_public_host_key
28
+ payload = {
29
+ :'ecdsa-sha2-[identifier]' => self.class::NAME,
30
+ :'[identifier]' => self.class::IDENTIFIER,
31
+ :'Q' => @algorithm.public_key.to_bn.to_s(2)
32
+ }
33
+ PublicKeyBlob.encode payload
34
+ end
35
+
36
+ def ecdsa_signature_blob data
37
+ hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
38
+ sign_der = @algorithm.dsa_sign_asn1(hash)
39
+ sign_asn1 = OpenSSL::ASN1.decode(sign_der)
40
+ r = sign_asn1.value[0].value.to_i
41
+ s = sign_asn1.value[1].value.to_i
42
+ payload = {
43
+ :'r' => r,
44
+ :'s' => s,
45
+ }
46
+ EcdsaSignatureBlob.encode payload
47
+ end
48
+
49
+ def sign data
50
+ payload = {
51
+ :'ecdsa-sha2-[identifier]' => self.class::NAME,
52
+ :'ecdsa_signature_blob' => ecdsa_signature_blob(data),
53
+ }
54
+ Signature.encode payload
55
+ end
56
+
57
+ def verify sign, data
58
+ payload = Signature.decode sign
59
+ ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
60
+ r = ecdsa_signature_blob[:'r']
61
+ s = ecdsa_signature_blob[:'s']
62
+ sign_asn1 = OpenSSL::ASN1::Sequence.new(
63
+ [
64
+ OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
65
+ OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
66
+ ]
67
+ )
68
+ sign_der = sign_asn1.to_der
69
+ hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
70
+ payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
71
+ end
72
+ end
73
+ end
74
+ end
75
+ end
76
+
77
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob'
78
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
79
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature'
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp384
11
+ module EcdsaSignatureBlob
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::Mpint, :'r'],
17
+ [DataType::Mpint, :'s'],
18
+ ]
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,25 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp384
11
+ module PublicKeyBlob
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::String, :'ecdsa-sha2-[identifier]'],
17
+ [DataType::String, :'[identifier]'],
18
+ [DataType::String, :'Q'],
19
+ ]
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
25
+
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp384
11
+ module Signature
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::String, :'ecdsa-sha2-[identifier]'],
17
+ [DataType::String, :'ecdsa_signature_blob'],
18
+ ]
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,80 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/logger'
5
+
6
+ module HrrRbSsh
7
+ class Transport
8
+ class ServerHostKeyAlgorithm
9
+ class EcdsaSha2Nistp384 < ServerHostKeyAlgorithm
10
+ NAME = 'ecdsa-sha2-nistp384'
11
+ PREFERENCE = 40
12
+ DIGEST = 'sha384'
13
+ IDENTIFIER = 'nistp384'
14
+ SECRET_KEY = <<-EOB
15
+ -----BEGIN EC PRIVATE KEY-----
16
+ MIGkAgEBBDCKZ6ulBka9rUw+gqKiQdVBG6fzH1klswyMrxrzCcfwRfoc5CGnj8e7
17
+ emk+IHyUsd6gBwYFK4EEACKhZANiAATnWMWRgfp3DFiBmdT7LunyBk9YIBYqPsrk
18
+ Zil+AWvlISusiW2JcZVB+Hz79tyrgzfwp6n6k9r5s31EIGTGf/n7UMwISrUCfcx+
19
+ xVrnYV8pOoy+dcUiGb9okf1jc41bLHc=
20
+ -----END EC PRIVATE KEY-----
21
+ EOB
22
+
23
+ def initialize
24
+ @logger = HrrRbSsh::Logger.new(self.class.name)
25
+ @algorithm = OpenSSL::PKey::EC.new SECRET_KEY
26
+ end
27
+
28
+ def server_public_host_key
29
+ payload = {
30
+ :'ecdsa-sha2-[identifier]' => self.class::NAME,
31
+ :'[identifier]' => self.class::IDENTIFIER,
32
+ :'Q' => @algorithm.public_key.to_bn.to_s(2)
33
+ }
34
+ PublicKeyBlob.encode payload
35
+ end
36
+
37
+ def ecdsa_signature_blob data
38
+ hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
39
+ sign_der = @algorithm.dsa_sign_asn1(hash)
40
+ sign_asn1 = OpenSSL::ASN1.decode(sign_der)
41
+ r = sign_asn1.value[0].value.to_i
42
+ s = sign_asn1.value[1].value.to_i
43
+ payload = {
44
+ :'r' => r,
45
+ :'s' => s,
46
+ }
47
+ EcdsaSignatureBlob.encode payload
48
+ end
49
+
50
+ def sign data
51
+ payload = {
52
+ :'ecdsa-sha2-[identifier]' => self.class::NAME,
53
+ :'ecdsa_signature_blob' => ecdsa_signature_blob(data),
54
+ }
55
+ Signature.encode payload
56
+ end
57
+
58
+ def verify sign, data
59
+ payload = Signature.decode sign
60
+ ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
61
+ r = ecdsa_signature_blob[:'r']
62
+ s = ecdsa_signature_blob[:'s']
63
+ sign_asn1 = OpenSSL::ASN1::Sequence.new(
64
+ [
65
+ OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
66
+ OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
67
+ ]
68
+ )
69
+ sign_der = sign_asn1.to_der
70
+ hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
71
+ payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
72
+ end
73
+ end
74
+ end
75
+ end
76
+ end
77
+
78
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob'
79
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
80
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature'
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp521
11
+ module EcdsaSignatureBlob
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::Mpint, :'r'],
17
+ [DataType::Mpint, :'s'],
18
+ ]
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,25 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp521
11
+ module PublicKeyBlob
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::String, :'ecdsa-sha2-[identifier]'],
17
+ [DataType::String, :'[identifier]'],
18
+ [DataType::String, :'Q'],
19
+ ]
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
25
+
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/data_type'
5
+ require 'hrr_rb_ssh/codable'
6
+
7
+ module HrrRbSsh
8
+ class Transport
9
+ class ServerHostKeyAlgorithm
10
+ class EcdsaSha2Nistp521
11
+ module Signature
12
+ class << self
13
+ include Codable
14
+ end
15
+ DEFINITION = [
16
+ [DataType::String, :'ecdsa-sha2-[identifier]'],
17
+ [DataType::String, :'ecdsa_signature_blob'],
18
+ ]
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,81 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'hrr_rb_ssh/logger'
5
+
6
+ module HrrRbSsh
7
+ class Transport
8
+ class ServerHostKeyAlgorithm
9
+ class EcdsaSha2Nistp521 < ServerHostKeyAlgorithm
10
+ NAME = 'ecdsa-sha2-nistp521'
11
+ PREFERENCE = 50
12
+ DIGEST = 'sha512'
13
+ IDENTIFIER = 'nistp521'
14
+ SECRET_KEY = <<-EOB
15
+ -----BEGIN EC PRIVATE KEY-----
16
+ MIHcAgEBBEIByLZ82qYoJid43PwFAdhr3mSH7SalBTdrK8H6h4p3RKEisAsVhmVb
17
+ Sx+uGtgKVxxZT5s9tjr7W7Aqc6We5Fg9z7igBwYFK4EEACOhgYkDgYYABAFLHJ3H
18
+ 6HBJyJFsN2PRsjJyRMfYE57BB8dmZgwTsHuSAXBkj+2g4ucwtF240zAWw6JOYdqE
19
+ V5O4BMNxGfYj+0ceKABJ4MgfUXQ3a1cXn8Dk2Q2uibbfVi7tQ7ET4k/A6B9f/Zwq
20
+ /zEM5OVWhfyc+vuEg+TfTtTqgVI2zJpLI7+mSjB/5Q==
21
+ -----END EC PRIVATE KEY-----
22
+ EOB
23
+
24
+ def initialize
25
+ @logger = HrrRbSsh::Logger.new(self.class.name)
26
+ @algorithm = OpenSSL::PKey::EC.new SECRET_KEY
27
+ end
28
+
29
+ def server_public_host_key
30
+ payload = {
31
+ :'ecdsa-sha2-[identifier]' => self.class::NAME,
32
+ :'[identifier]' => self.class::IDENTIFIER,
33
+ :'Q' => @algorithm.public_key.to_bn.to_s(2)
34
+ }
35
+ PublicKeyBlob.encode payload
36
+ end
37
+
38
+ def ecdsa_signature_blob data
39
+ hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
40
+ sign_der = @algorithm.dsa_sign_asn1(hash)
41
+ sign_asn1 = OpenSSL::ASN1.decode(sign_der)
42
+ r = sign_asn1.value[0].value.to_i
43
+ s = sign_asn1.value[1].value.to_i
44
+ payload = {
45
+ :'r' => r,
46
+ :'s' => s,
47
+ }
48
+ EcdsaSignatureBlob.encode payload
49
+ end
50
+
51
+ def sign data
52
+ payload = {
53
+ :'ecdsa-sha2-[identifier]' => self.class::NAME,
54
+ :'ecdsa_signature_blob' => ecdsa_signature_blob(data),
55
+ }
56
+ Signature.encode payload
57
+ end
58
+
59
+ def verify sign, data
60
+ payload = Signature.decode sign
61
+ ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
62
+ r = ecdsa_signature_blob[:'r']
63
+ s = ecdsa_signature_blob[:'s']
64
+ sign_asn1 = OpenSSL::ASN1::Sequence.new(
65
+ [
66
+ OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
67
+ OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
68
+ ]
69
+ )
70
+ sign_der = sign_asn1.to_der
71
+ hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
72
+ payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
73
+ end
74
+ end
75
+ end
76
+ end
77
+ end
78
+
79
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob'
80
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'
81
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature'
@@ -13,11 +13,11 @@ module HrrRbSsh
13
13
  include Codable
14
14
  end
15
15
  DEFINITION = [
16
- [DataType::String, 'ssh-dss'],
17
- [DataType::Mpint, 'p'],
18
- [DataType::Mpint, 'q'],
19
- [DataType::Mpint, 'g'],
20
- [DataType::Mpint, 'y'],
16
+ [DataType::String, :'ssh-dss'],
17
+ [DataType::Mpint, :'p'],
18
+ [DataType::Mpint, :'q'],
19
+ [DataType::Mpint, :'g'],
20
+ [DataType::Mpint, :'y'],
21
21
  ]
22
22
  end
23
23
  end
@@ -13,8 +13,8 @@ module HrrRbSsh
13
13
  include Codable
14
14
  end
15
15
  DEFINITION = [
16
- [DataType::String, 'ssh-dss'],
17
- [DataType::String, 'dss_signature_blob'],
16
+ [DataType::String, :'ssh-dss'],
17
+ [DataType::String, :'dss_signature_blob'],
18
18
  ]
19
19
  end
20
20
  end
@@ -33,11 +33,11 @@ MRl/p42OrQzL/chRPvRf
33
33
 
34
34
  def server_public_host_key
35
35
  payload = {
36
- 'ssh-dss' => 'ssh-dss',
37
- 'p' => @dss.p.to_i,
38
- 'q' => @dss.q.to_i,
39
- 'g' => @dss.g.to_i,
40
- 'y' => @dss.pub_key.to_i,
36
+ :'ssh-dss' => "ssh-dss",
37
+ :'p' => @dss.p.to_i,
38
+ :'q' => @dss.q.to_i,
39
+ :'g' => @dss.g.to_i,
40
+ :'y' => @dss.pub_key.to_i,
41
41
  }
42
42
  PublicKeyBlob.encode payload
43
43
  end
@@ -49,15 +49,15 @@ MRl/p42OrQzL/chRPvRf
49
49
  sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
50
50
  sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
51
51
  payload = {
52
- 'ssh-dss' => 'ssh-dss',
53
- 'dss_signature_blob' => (sign_r + sign_s),
52
+ :'ssh-dss' => "ssh-dss",
53
+ :'dss_signature_blob' => (sign_r + sign_s),
54
54
  }
55
55
  Signature.encode payload
56
56
  end
57
57
 
58
58
  def verify sign, data
59
59
  payload = Signature.decode sign
60
- dss_signature_blob = payload['dss_signature_blob']
60
+ dss_signature_blob = payload[:'dss_signature_blob']
61
61
  sign_r = dss_signature_blob[ 0, 20]
62
62
  sign_s = dss_signature_blob[20, 20]
63
63
  sign_asn1 = OpenSSL::ASN1::Sequence.new(
@@ -68,7 +68,7 @@ MRl/p42OrQzL/chRPvRf
68
68
  )
69
69
  sign_der = sign_asn1.to_der
70
70
  hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
71
- payload['ssh-dss'] == 'ssh-dss' && @dss.sysverify(hash, sign_der)
71
+ payload[:'ssh-dss'] == "ssh-dss" && @dss.sysverify(hash, sign_der)
72
72
  end
73
73
  end
74
74
  end
@@ -13,9 +13,9 @@ module HrrRbSsh
13
13
  include Codable
14
14
  end
15
15
  DEFINITION = [
16
- [DataType::String, 'ssh-rsa'],
17
- [DataType::Mpint, 'e'],
18
- [DataType::Mpint, 'n'],
16
+ [DataType::String, :'ssh-rsa'],
17
+ [DataType::Mpint, :'e'],
18
+ [DataType::Mpint, :'n'],
19
19
  ]
20
20
  end
21
21
  end
@@ -13,8 +13,8 @@ module HrrRbSsh
13
13
  include Codable
14
14
  end
15
15
  DEFINITION = [
16
- [DataType::String, 'ssh-rsa'],
17
- [DataType::String, 'rsa_signature_blob'],
16
+ [DataType::String, :'ssh-rsa'],
17
+ [DataType::String, :'rsa_signature_blob'],
18
18
  ]
19
19
  end
20
20
  end
@@ -47,24 +47,24 @@ vzTNM3SFzgt3bHkdEtDLc64aoBX+dHOot6u71XLZrshnHPtiZ0C/ZA==
47
47
 
48
48
  def server_public_host_key
49
49
  payload = {
50
- 'ssh-rsa' => 'ssh-rsa',
51
- 'e' => @rsa.e.to_i,
52
- 'n' => @rsa.n.to_i,
50
+ :'ssh-rsa' => "ssh-rsa",
51
+ :'e' => @rsa.e.to_i,
52
+ :'n' => @rsa.n.to_i,
53
53
  }
54
54
  PublicKeyBlob.encode payload
55
55
  end
56
56
 
57
57
  def sign data
58
58
  payload = {
59
- 'ssh-rsa' => 'ssh-rsa',
60
- 'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
59
+ :'ssh-rsa' => "ssh-rsa",
60
+ :'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
61
61
  }
62
62
  Signature.encode payload
63
63
  end
64
64
 
65
65
  def verify sign, data
66
66
  payload = Signature.decode sign
67
- payload['ssh-rsa'] == 'ssh-rsa' && @rsa.verify(self.class::DIGEST, payload['rsa_signature_blob'], data)
67
+ payload[:'ssh-rsa'] == "ssh-rsa" && @rsa.verify(self.class::DIGEST, payload[:'rsa_signature_blob'], data)
68
68
  end
69
69
  end
70
70
  end
@@ -16,3 +16,6 @@ end
16
16
 
17
17
  require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss'
18
18
  require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa'
19
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256'
20
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384'
21
+ require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521'
@@ -238,7 +238,7 @@ module HrrRbSsh
238
238
 
239
239
  def verify_service_request
240
240
  service_request_message = receive_service_request
241
- service_name = service_request_message['service name']
241
+ service_name = service_request_message[:'service name']
242
242
  if @acceptable_services.include? service_name
243
243
  send_service_accept service_name
244
244
  else
@@ -333,10 +333,10 @@ module HrrRbSsh
333
333
 
334
334
  def send_disconnect
335
335
  message = {
336
- 'message number' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::VALUE,
337
- "reason code" => HrrRbSsh::Message::SSH_MSG_DISCONNECT::ReasonCode::SSH_DISCONNECT_BY_APPLICATION,
338
- "description" => "disconnected by user",
339
- "language tag" => ""
336
+ :'message number' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::VALUE,
337
+ :'reason code' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::ReasonCode::SSH_DISCONNECT_BY_APPLICATION,
338
+ :'description' => "disconnected by user",
339
+ :'language tag' => ""
340
340
  }
341
341
  payload = HrrRbSsh::Message::SSH_MSG_DISCONNECT.encode message
342
342
  send payload
@@ -344,20 +344,20 @@ module HrrRbSsh
344
344
 
345
345
  def send_kexinit
346
346
  message = {
347
- 'message number' => HrrRbSsh::Message::SSH_MSG_KEXINIT::VALUE,
348
- 'cookie (random byte)' => lambda { rand(0x01_00) },
349
- 'kex_algorithms' => @local_kex_algorithms,
350
- 'server_host_key_algorithms' => @local_server_host_key_algorithms,
351
- 'encryption_algorithms_client_to_server' => @local_encryption_algorithms_client_to_server,
352
- 'encryption_algorithms_server_to_client' => @local_encryption_algorithms_server_to_client,
353
- 'mac_algorithms_client_to_server' => @local_mac_algorithms_client_to_server,
354
- 'mac_algorithms_server_to_client' => @local_mac_algorithms_server_to_client,
355
- 'compression_algorithms_client_to_server' => @local_compression_algorithms_client_to_server,
356
- 'compression_algorithms_server_to_client' => @local_compression_algorithms_server_to_client,
357
- 'languages_client_to_server' => [],
358
- 'languages_server_to_client' => [],
359
- 'first_kex_packet_follows' => false,
360
- '0 (reserved for future extension)' => 0,
347
+ :'message number' => HrrRbSsh::Message::SSH_MSG_KEXINIT::VALUE,
348
+ :'cookie (random byte)' => lambda { rand(0x01_00) },
349
+ :'kex_algorithms' => @local_kex_algorithms,
350
+ :'server_host_key_algorithms' => @local_server_host_key_algorithms,
351
+ :'encryption_algorithms_client_to_server' => @local_encryption_algorithms_client_to_server,
352
+ :'encryption_algorithms_server_to_client' => @local_encryption_algorithms_server_to_client,
353
+ :'mac_algorithms_client_to_server' => @local_mac_algorithms_client_to_server,
354
+ :'mac_algorithms_server_to_client' => @local_mac_algorithms_server_to_client,
355
+ :'compression_algorithms_client_to_server' => @local_compression_algorithms_client_to_server,
356
+ :'compression_algorithms_server_to_client' => @local_compression_algorithms_server_to_client,
357
+ :'languages_client_to_server' => [],
358
+ :'languages_server_to_client' => [],
359
+ :'first_kex_packet_follows' => false,
360
+ :'0 (reserved for future extension)' => 0,
361
361
  }
362
362
  payload = HrrRbSsh::Message::SSH_MSG_KEXINIT.encode message
363
363
  send payload
@@ -383,7 +383,7 @@ module HrrRbSsh
383
383
 
384
384
  def send_newkeys
385
385
  message = {
386
- 'message number' => HrrRbSsh::Message::SSH_MSG_NEWKEYS::VALUE,
386
+ :'message number' => HrrRbSsh::Message::SSH_MSG_NEWKEYS::VALUE,
387
387
  }
388
388
  payload = HrrRbSsh::Message::SSH_MSG_NEWKEYS.encode message
389
389
  send payload
@@ -402,22 +402,22 @@ module HrrRbSsh
402
402
 
403
403
  def send_service_accept service_name
404
404
  message = {
405
- 'message number' => HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT::VALUE,
406
- 'service name' => service_name,
405
+ :'message number' => HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT::VALUE,
406
+ :'service name' => service_name,
407
407
  }
408
408
  payload = HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT.encode message
409
409
  send payload
410
410
  end
411
411
 
412
412
  def update_remote_algorithms message
413
- @remote_kex_algorithms = message['kex_algorithms']
414
- @remote_server_host_key_algorithms = message['server_host_key_algorithms']
415
- @remote_encryption_algorithms_client_to_server = message['encryption_algorithms_client_to_server']
416
- @remote_encryption_algorithms_server_to_client = message['encryption_algorithms_server_to_client']
417
- @remote_mac_algorithms_client_to_server = message['mac_algorithms_client_to_server']
418
- @remote_mac_algorithms_server_to_client = message['mac_algorithms_server_to_client']
419
- @remote_compression_algorithms_client_to_server = message['compression_algorithms_client_to_server']
420
- @remote_compression_algorithms_server_to_client = message['compression_algorithms_server_to_client']
413
+ @remote_kex_algorithms = message[:'kex_algorithms']
414
+ @remote_server_host_key_algorithms = message[:'server_host_key_algorithms']
415
+ @remote_encryption_algorithms_client_to_server = message[:'encryption_algorithms_client_to_server']
416
+ @remote_encryption_algorithms_server_to_client = message[:'encryption_algorithms_server_to_client']
417
+ @remote_mac_algorithms_client_to_server = message[:'mac_algorithms_client_to_server']
418
+ @remote_mac_algorithms_server_to_client = message[:'mac_algorithms_server_to_client']
419
+ @remote_compression_algorithms_client_to_server = message[:'compression_algorithms_client_to_server']
420
+ @remote_compression_algorithms_server_to_client = message[:'compression_algorithms_server_to_client']
421
421
  end
422
422
 
423
423
  def update_kex_and_server_host_key_algorithms
@@ -2,5 +2,5 @@
2
2
  # vim: et ts=2 sw=2
3
3
 
4
4
  module HrrRbSsh
5
- VERSION = "0.1.4"
5
+ VERSION = "0.1.5"
6
6
  end