hrr_rb_ssh 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/demo/server.rb +10 -2
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +28 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +27 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +33 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +84 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +24 -24
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +8 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +19 -19
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +7 -7
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +7 -7
- data/lib/hrr_rb_ssh/authentication.rb +6 -6
- data/lib/hrr_rb_ssh/codable.rb +7 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +102 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +26 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +29 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +2 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +6 -6
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +4 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +42 -0
- data/lib/hrr_rb_ssh/connection/channel/channel_type.rb +1 -0
- data/lib/hrr_rb_ssh/connection/channel.rb +50 -63
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +29 -9
- data/lib/hrr_rb_ssh/connection.rb +22 -27
- data/lib/hrr_rb_ssh/message/001_ssh_msg_disconnect.rb +4 -4
- data/lib/hrr_rb_ssh/message/002_ssh_msg_ignore.rb +2 -2
- data/lib/hrr_rb_ssh/message/003_ssh_msg_unimplemented.rb +2 -2
- data/lib/hrr_rb_ssh/message/004_ssh_msg_debug.rb +4 -4
- data/lib/hrr_rb_ssh/message/005_ssh_msg_service_request.rb +2 -2
- data/lib/hrr_rb_ssh/message/006_ssh_msg_service_accept.rb +2 -2
- data/lib/hrr_rb_ssh/message/020_ssh_msg_kexinit.rb +29 -29
- data/lib/hrr_rb_ssh/message/021_ssh_msg_newkeys.rb +1 -1
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kex_dh_gex_request_old.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexdh_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/030_ssh_msg_kexecdh_init.rb +24 -0
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kex_dh_gex_group.rb +3 -3
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexdh_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/031_ssh_msg_kexecdh_reply.rb +26 -0
- data/lib/hrr_rb_ssh/message/032_ssh_msg_kex_dh_gex_init.rb +2 -2
- data/lib/hrr_rb_ssh/message/033_ssh_msg_kex_dh_gex_reply.rb +4 -4
- data/lib/hrr_rb_ssh/message/034_ssh_msg_kex_dh_gex_request.rb +4 -4
- data/lib/hrr_rb_ssh/message/050_ssh_msg_userauth_request.rb +17 -17
- data/lib/hrr_rb_ssh/message/051_ssh_msg_userauth_failure.rb +3 -3
- data/lib/hrr_rb_ssh/message/052_ssh_msg_userauth_success.rb +1 -1
- data/lib/hrr_rb_ssh/message/060_ssh_msg_userauth_pk_ok.rb +3 -3
- data/lib/hrr_rb_ssh/message/080_ssh_msg_global_request.rb +12 -12
- data/lib/hrr_rb_ssh/message/081_ssh_msg_request_success.rb +5 -5
- data/lib/hrr_rb_ssh/message/082_ssh_msg_request_failure.rb +1 -1
- data/lib/hrr_rb_ssh/message/090_ssh_msg_channel_open.rb +24 -24
- data/lib/hrr_rb_ssh/message/091_ssh_msg_channel_open_confirmation.rb +14 -24
- data/lib/hrr_rb_ssh/message/092_ssh_msg_channel_open_failure.rb +5 -5
- data/lib/hrr_rb_ssh/message/093_ssh_msg_channel_window_adjust.rb +3 -3
- data/lib/hrr_rb_ssh/message/094_ssh_msg_channel_data.rb +3 -3
- data/lib/hrr_rb_ssh/message/095_ssh_msg_channel_extended_data.rb +4 -4
- data/lib/hrr_rb_ssh/message/096_ssh_msg_channel_eof.rb +2 -2
- data/lib/hrr_rb_ssh/message/097_ssh_msg_channel_close.rb +2 -2
- data/lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb +51 -51
- data/lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb +2 -2
- data/lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb +2 -2
- data/lib/hrr_rb_ssh/message.rb +2 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman/h0.rb +8 -8
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange/h0.rb +13 -13
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +24 -24
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman/h0.rb +29 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +132 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp256.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp384.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman_sha2_nistp521.rb +18 -0
- data/lib/hrr_rb_ssh/transport/kex_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +79 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +80 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +25 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +23 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +81 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/public_key_blob.rb +5 -5
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +9 -9
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa/signature.rb +2 -2
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +6 -6
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb +3 -0
- data/lib/hrr_rb_ssh/transport.rb +30 -30
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +39 -4
- data/lib/hrr_rb_ssh/connection/channel/proc_chain/chain_context.rb +0 -22
- data/lib/hrr_rb_ssh/connection/channel/proc_chain.rb +0 -25
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp256
|
11
|
+
module Signature
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'ecdsa_signature_blob'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,79 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
class EcdsaSha2Nistp256 < ServerHostKeyAlgorithm
|
10
|
+
NAME = 'ecdsa-sha2-nistp256'
|
11
|
+
PREFERENCE = 30
|
12
|
+
DIGEST = 'sha256'
|
13
|
+
IDENTIFIER = 'nistp256'
|
14
|
+
SECRET_KEY = <<-EOB
|
15
|
+
-----BEGIN EC PRIVATE KEY-----
|
16
|
+
MHcCAQEEIB+8vCekxXfgw+Nz10ZykUGaI+X6ftdGG6b2UX2iz7oEoAoGCCqGSM49
|
17
|
+
AwEHoUQDQgAEt1em9ko6A2kZFFwVtKgQ0xpggZg17EJQmhFz7ObGNsZ8VIFEc0Hg
|
18
|
+
SpNC6qrqdhUfVAjsF9y5O/3Z/LGh/lNTig==
|
19
|
+
-----END EC PRIVATE KEY-----
|
20
|
+
EOB
|
21
|
+
|
22
|
+
def initialize
|
23
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
24
|
+
@algorithm = OpenSSL::PKey::EC.new SECRET_KEY
|
25
|
+
end
|
26
|
+
|
27
|
+
def server_public_host_key
|
28
|
+
payload = {
|
29
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
30
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
31
|
+
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
32
|
+
}
|
33
|
+
PublicKeyBlob.encode payload
|
34
|
+
end
|
35
|
+
|
36
|
+
def ecdsa_signature_blob data
|
37
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
38
|
+
sign_der = @algorithm.dsa_sign_asn1(hash)
|
39
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
40
|
+
r = sign_asn1.value[0].value.to_i
|
41
|
+
s = sign_asn1.value[1].value.to_i
|
42
|
+
payload = {
|
43
|
+
:'r' => r,
|
44
|
+
:'s' => s,
|
45
|
+
}
|
46
|
+
EcdsaSignatureBlob.encode payload
|
47
|
+
end
|
48
|
+
|
49
|
+
def sign data
|
50
|
+
payload = {
|
51
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
52
|
+
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
53
|
+
}
|
54
|
+
Signature.encode payload
|
55
|
+
end
|
56
|
+
|
57
|
+
def verify sign, data
|
58
|
+
payload = Signature.decode sign
|
59
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
60
|
+
r = ecdsa_signature_blob[:'r']
|
61
|
+
s = ecdsa_signature_blob[:'s']
|
62
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
63
|
+
[
|
64
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
65
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
66
|
+
]
|
67
|
+
)
|
68
|
+
sign_der = sign_asn1.to_der
|
69
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
70
|
+
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/public_key_blob'
|
78
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
|
79
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/signature'
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp384
|
11
|
+
module EcdsaSignatureBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::Mpint, :'r'],
|
17
|
+
[DataType::Mpint, :'s'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp384
|
11
|
+
module PublicKeyBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'[identifier]'],
|
18
|
+
[DataType::String, :'Q'],
|
19
|
+
]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp384
|
11
|
+
module Signature
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'ecdsa_signature_blob'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
class EcdsaSha2Nistp384 < ServerHostKeyAlgorithm
|
10
|
+
NAME = 'ecdsa-sha2-nistp384'
|
11
|
+
PREFERENCE = 40
|
12
|
+
DIGEST = 'sha384'
|
13
|
+
IDENTIFIER = 'nistp384'
|
14
|
+
SECRET_KEY = <<-EOB
|
15
|
+
-----BEGIN EC PRIVATE KEY-----
|
16
|
+
MIGkAgEBBDCKZ6ulBka9rUw+gqKiQdVBG6fzH1klswyMrxrzCcfwRfoc5CGnj8e7
|
17
|
+
emk+IHyUsd6gBwYFK4EEACKhZANiAATnWMWRgfp3DFiBmdT7LunyBk9YIBYqPsrk
|
18
|
+
Zil+AWvlISusiW2JcZVB+Hz79tyrgzfwp6n6k9r5s31EIGTGf/n7UMwISrUCfcx+
|
19
|
+
xVrnYV8pOoy+dcUiGb9okf1jc41bLHc=
|
20
|
+
-----END EC PRIVATE KEY-----
|
21
|
+
EOB
|
22
|
+
|
23
|
+
def initialize
|
24
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
25
|
+
@algorithm = OpenSSL::PKey::EC.new SECRET_KEY
|
26
|
+
end
|
27
|
+
|
28
|
+
def server_public_host_key
|
29
|
+
payload = {
|
30
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
31
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
32
|
+
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
33
|
+
}
|
34
|
+
PublicKeyBlob.encode payload
|
35
|
+
end
|
36
|
+
|
37
|
+
def ecdsa_signature_blob data
|
38
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
39
|
+
sign_der = @algorithm.dsa_sign_asn1(hash)
|
40
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
41
|
+
r = sign_asn1.value[0].value.to_i
|
42
|
+
s = sign_asn1.value[1].value.to_i
|
43
|
+
payload = {
|
44
|
+
:'r' => r,
|
45
|
+
:'s' => s,
|
46
|
+
}
|
47
|
+
EcdsaSignatureBlob.encode payload
|
48
|
+
end
|
49
|
+
|
50
|
+
def sign data
|
51
|
+
payload = {
|
52
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
53
|
+
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
54
|
+
}
|
55
|
+
Signature.encode payload
|
56
|
+
end
|
57
|
+
|
58
|
+
def verify sign, data
|
59
|
+
payload = Signature.decode sign
|
60
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
61
|
+
r = ecdsa_signature_blob[:'r']
|
62
|
+
s = ecdsa_signature_blob[:'s']
|
63
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
64
|
+
[
|
65
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
66
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
67
|
+
]
|
68
|
+
)
|
69
|
+
sign_der = sign_asn1.to_der
|
70
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
71
|
+
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob'
|
79
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
|
80
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature'
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp521
|
11
|
+
module EcdsaSignatureBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::Mpint, :'r'],
|
17
|
+
[DataType::Mpint, :'s'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp521
|
11
|
+
module PublicKeyBlob
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'[identifier]'],
|
18
|
+
[DataType::String, :'Q'],
|
19
|
+
]
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/data_type'
|
5
|
+
require 'hrr_rb_ssh/codable'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
class Transport
|
9
|
+
class ServerHostKeyAlgorithm
|
10
|
+
class EcdsaSha2Nistp521
|
11
|
+
module Signature
|
12
|
+
class << self
|
13
|
+
include Codable
|
14
|
+
end
|
15
|
+
DEFINITION = [
|
16
|
+
[DataType::String, :'ecdsa-sha2-[identifier]'],
|
17
|
+
[DataType::String, :'ecdsa_signature_blob'],
|
18
|
+
]
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,81 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
class Transport
|
8
|
+
class ServerHostKeyAlgorithm
|
9
|
+
class EcdsaSha2Nistp521 < ServerHostKeyAlgorithm
|
10
|
+
NAME = 'ecdsa-sha2-nistp521'
|
11
|
+
PREFERENCE = 50
|
12
|
+
DIGEST = 'sha512'
|
13
|
+
IDENTIFIER = 'nistp521'
|
14
|
+
SECRET_KEY = <<-EOB
|
15
|
+
-----BEGIN EC PRIVATE KEY-----
|
16
|
+
MIHcAgEBBEIByLZ82qYoJid43PwFAdhr3mSH7SalBTdrK8H6h4p3RKEisAsVhmVb
|
17
|
+
Sx+uGtgKVxxZT5s9tjr7W7Aqc6We5Fg9z7igBwYFK4EEACOhgYkDgYYABAFLHJ3H
|
18
|
+
6HBJyJFsN2PRsjJyRMfYE57BB8dmZgwTsHuSAXBkj+2g4ucwtF240zAWw6JOYdqE
|
19
|
+
V5O4BMNxGfYj+0ceKABJ4MgfUXQ3a1cXn8Dk2Q2uibbfVi7tQ7ET4k/A6B9f/Zwq
|
20
|
+
/zEM5OVWhfyc+vuEg+TfTtTqgVI2zJpLI7+mSjB/5Q==
|
21
|
+
-----END EC PRIVATE KEY-----
|
22
|
+
EOB
|
23
|
+
|
24
|
+
def initialize
|
25
|
+
@logger = HrrRbSsh::Logger.new(self.class.name)
|
26
|
+
@algorithm = OpenSSL::PKey::EC.new SECRET_KEY
|
27
|
+
end
|
28
|
+
|
29
|
+
def server_public_host_key
|
30
|
+
payload = {
|
31
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
32
|
+
:'[identifier]' => self.class::IDENTIFIER,
|
33
|
+
:'Q' => @algorithm.public_key.to_bn.to_s(2)
|
34
|
+
}
|
35
|
+
PublicKeyBlob.encode payload
|
36
|
+
end
|
37
|
+
|
38
|
+
def ecdsa_signature_blob data
|
39
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
40
|
+
sign_der = @algorithm.dsa_sign_asn1(hash)
|
41
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
42
|
+
r = sign_asn1.value[0].value.to_i
|
43
|
+
s = sign_asn1.value[1].value.to_i
|
44
|
+
payload = {
|
45
|
+
:'r' => r,
|
46
|
+
:'s' => s,
|
47
|
+
}
|
48
|
+
EcdsaSignatureBlob.encode payload
|
49
|
+
end
|
50
|
+
|
51
|
+
def sign data
|
52
|
+
payload = {
|
53
|
+
:'ecdsa-sha2-[identifier]' => self.class::NAME,
|
54
|
+
:'ecdsa_signature_blob' => ecdsa_signature_blob(data),
|
55
|
+
}
|
56
|
+
Signature.encode payload
|
57
|
+
end
|
58
|
+
|
59
|
+
def verify sign, data
|
60
|
+
payload = Signature.decode sign
|
61
|
+
ecdsa_signature_blob = EcdsaSignatureBlob.decode payload[:'ecdsa_signature_blob']
|
62
|
+
r = ecdsa_signature_blob[:'r']
|
63
|
+
s = ecdsa_signature_blob[:'s']
|
64
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
65
|
+
[
|
66
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
|
67
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
|
68
|
+
]
|
69
|
+
)
|
70
|
+
sign_der = sign_asn1.to_der
|
71
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
72
|
+
payload[:'ecdsa-sha2-[identifier]'] == self.class::NAME && @algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob'
|
80
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'
|
81
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature'
|
@@ -13,11 +13,11 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'ssh-dss'],
|
17
|
-
[DataType::Mpint, 'p'],
|
18
|
-
[DataType::Mpint, 'q'],
|
19
|
-
[DataType::Mpint, 'g'],
|
20
|
-
[DataType::Mpint, 'y'],
|
16
|
+
[DataType::String, :'ssh-dss'],
|
17
|
+
[DataType::Mpint, :'p'],
|
18
|
+
[DataType::Mpint, :'q'],
|
19
|
+
[DataType::Mpint, :'g'],
|
20
|
+
[DataType::Mpint, :'y'],
|
21
21
|
]
|
22
22
|
end
|
23
23
|
end
|
@@ -33,11 +33,11 @@ MRl/p42OrQzL/chRPvRf
|
|
33
33
|
|
34
34
|
def server_public_host_key
|
35
35
|
payload = {
|
36
|
-
'ssh-dss' =>
|
37
|
-
'p' => @dss.p.to_i,
|
38
|
-
'q' => @dss.q.to_i,
|
39
|
-
'g' => @dss.g.to_i,
|
40
|
-
'y' => @dss.pub_key.to_i,
|
36
|
+
:'ssh-dss' => "ssh-dss",
|
37
|
+
:'p' => @dss.p.to_i,
|
38
|
+
:'q' => @dss.q.to_i,
|
39
|
+
:'g' => @dss.g.to_i,
|
40
|
+
:'y' => @dss.pub_key.to_i,
|
41
41
|
}
|
42
42
|
PublicKeyBlob.encode payload
|
43
43
|
end
|
@@ -49,15 +49,15 @@ MRl/p42OrQzL/chRPvRf
|
|
49
49
|
sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
|
50
50
|
sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
|
51
51
|
payload = {
|
52
|
-
'ssh-dss' =>
|
53
|
-
'dss_signature_blob' => (sign_r + sign_s),
|
52
|
+
:'ssh-dss' => "ssh-dss",
|
53
|
+
:'dss_signature_blob' => (sign_r + sign_s),
|
54
54
|
}
|
55
55
|
Signature.encode payload
|
56
56
|
end
|
57
57
|
|
58
58
|
def verify sign, data
|
59
59
|
payload = Signature.decode sign
|
60
|
-
dss_signature_blob = payload['dss_signature_blob']
|
60
|
+
dss_signature_blob = payload[:'dss_signature_blob']
|
61
61
|
sign_r = dss_signature_blob[ 0, 20]
|
62
62
|
sign_s = dss_signature_blob[20, 20]
|
63
63
|
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
@@ -68,7 +68,7 @@ MRl/p42OrQzL/chRPvRf
|
|
68
68
|
)
|
69
69
|
sign_der = sign_asn1.to_der
|
70
70
|
hash = OpenSSL::Digest.digest(self.class::DIGEST, data)
|
71
|
-
payload['ssh-dss'] ==
|
71
|
+
payload[:'ssh-dss'] == "ssh-dss" && @dss.sysverify(hash, sign_der)
|
72
72
|
end
|
73
73
|
end
|
74
74
|
end
|
@@ -13,9 +13,9 @@ module HrrRbSsh
|
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, 'ssh-rsa'],
|
17
|
-
[DataType::Mpint, 'e'],
|
18
|
-
[DataType::Mpint, 'n'],
|
16
|
+
[DataType::String, :'ssh-rsa'],
|
17
|
+
[DataType::Mpint, :'e'],
|
18
|
+
[DataType::Mpint, :'n'],
|
19
19
|
]
|
20
20
|
end
|
21
21
|
end
|
@@ -47,24 +47,24 @@ vzTNM3SFzgt3bHkdEtDLc64aoBX+dHOot6u71XLZrshnHPtiZ0C/ZA==
|
|
47
47
|
|
48
48
|
def server_public_host_key
|
49
49
|
payload = {
|
50
|
-
'ssh-rsa' =>
|
51
|
-
'e' => @rsa.e.to_i,
|
52
|
-
'n' => @rsa.n.to_i,
|
50
|
+
:'ssh-rsa' => "ssh-rsa",
|
51
|
+
:'e' => @rsa.e.to_i,
|
52
|
+
:'n' => @rsa.n.to_i,
|
53
53
|
}
|
54
54
|
PublicKeyBlob.encode payload
|
55
55
|
end
|
56
56
|
|
57
57
|
def sign data
|
58
58
|
payload = {
|
59
|
-
'ssh-rsa' =>
|
60
|
-
'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
|
59
|
+
:'ssh-rsa' => "ssh-rsa",
|
60
|
+
:'rsa_signature_blob' => @rsa.sign(self.class::DIGEST, data),
|
61
61
|
}
|
62
62
|
Signature.encode payload
|
63
63
|
end
|
64
64
|
|
65
65
|
def verify sign, data
|
66
66
|
payload = Signature.decode sign
|
67
|
-
payload['ssh-rsa'] ==
|
67
|
+
payload[:'ssh-rsa'] == "ssh-rsa" && @rsa.verify(self.class::DIGEST, payload[:'rsa_signature_blob'], data)
|
68
68
|
end
|
69
69
|
end
|
70
70
|
end
|
@@ -16,3 +16,6 @@ end
|
|
16
16
|
|
17
17
|
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss'
|
18
18
|
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa'
|
19
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256'
|
20
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384'
|
21
|
+
require 'hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521'
|
data/lib/hrr_rb_ssh/transport.rb
CHANGED
@@ -238,7 +238,7 @@ module HrrRbSsh
|
|
238
238
|
|
239
239
|
def verify_service_request
|
240
240
|
service_request_message = receive_service_request
|
241
|
-
service_name = service_request_message['service name']
|
241
|
+
service_name = service_request_message[:'service name']
|
242
242
|
if @acceptable_services.include? service_name
|
243
243
|
send_service_accept service_name
|
244
244
|
else
|
@@ -333,10 +333,10 @@ module HrrRbSsh
|
|
333
333
|
|
334
334
|
def send_disconnect
|
335
335
|
message = {
|
336
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::VALUE,
|
337
|
-
|
338
|
-
|
339
|
-
|
336
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::VALUE,
|
337
|
+
:'reason code' => HrrRbSsh::Message::SSH_MSG_DISCONNECT::ReasonCode::SSH_DISCONNECT_BY_APPLICATION,
|
338
|
+
:'description' => "disconnected by user",
|
339
|
+
:'language tag' => ""
|
340
340
|
}
|
341
341
|
payload = HrrRbSsh::Message::SSH_MSG_DISCONNECT.encode message
|
342
342
|
send payload
|
@@ -344,20 +344,20 @@ module HrrRbSsh
|
|
344
344
|
|
345
345
|
def send_kexinit
|
346
346
|
message = {
|
347
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_KEXINIT::VALUE,
|
348
|
-
'cookie (random byte)' => lambda { rand(0x01_00) },
|
349
|
-
'kex_algorithms' => @local_kex_algorithms,
|
350
|
-
'server_host_key_algorithms' => @local_server_host_key_algorithms,
|
351
|
-
'encryption_algorithms_client_to_server' => @local_encryption_algorithms_client_to_server,
|
352
|
-
'encryption_algorithms_server_to_client' => @local_encryption_algorithms_server_to_client,
|
353
|
-
'mac_algorithms_client_to_server' => @local_mac_algorithms_client_to_server,
|
354
|
-
'mac_algorithms_server_to_client' => @local_mac_algorithms_server_to_client,
|
355
|
-
'compression_algorithms_client_to_server' => @local_compression_algorithms_client_to_server,
|
356
|
-
'compression_algorithms_server_to_client' => @local_compression_algorithms_server_to_client,
|
357
|
-
'languages_client_to_server' => [],
|
358
|
-
'languages_server_to_client' => [],
|
359
|
-
'first_kex_packet_follows' => false,
|
360
|
-
'0 (reserved for future extension)' => 0,
|
347
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_KEXINIT::VALUE,
|
348
|
+
:'cookie (random byte)' => lambda { rand(0x01_00) },
|
349
|
+
:'kex_algorithms' => @local_kex_algorithms,
|
350
|
+
:'server_host_key_algorithms' => @local_server_host_key_algorithms,
|
351
|
+
:'encryption_algorithms_client_to_server' => @local_encryption_algorithms_client_to_server,
|
352
|
+
:'encryption_algorithms_server_to_client' => @local_encryption_algorithms_server_to_client,
|
353
|
+
:'mac_algorithms_client_to_server' => @local_mac_algorithms_client_to_server,
|
354
|
+
:'mac_algorithms_server_to_client' => @local_mac_algorithms_server_to_client,
|
355
|
+
:'compression_algorithms_client_to_server' => @local_compression_algorithms_client_to_server,
|
356
|
+
:'compression_algorithms_server_to_client' => @local_compression_algorithms_server_to_client,
|
357
|
+
:'languages_client_to_server' => [],
|
358
|
+
:'languages_server_to_client' => [],
|
359
|
+
:'first_kex_packet_follows' => false,
|
360
|
+
:'0 (reserved for future extension)' => 0,
|
361
361
|
}
|
362
362
|
payload = HrrRbSsh::Message::SSH_MSG_KEXINIT.encode message
|
363
363
|
send payload
|
@@ -383,7 +383,7 @@ module HrrRbSsh
|
|
383
383
|
|
384
384
|
def send_newkeys
|
385
385
|
message = {
|
386
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_NEWKEYS::VALUE,
|
386
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_NEWKEYS::VALUE,
|
387
387
|
}
|
388
388
|
payload = HrrRbSsh::Message::SSH_MSG_NEWKEYS.encode message
|
389
389
|
send payload
|
@@ -402,22 +402,22 @@ module HrrRbSsh
|
|
402
402
|
|
403
403
|
def send_service_accept service_name
|
404
404
|
message = {
|
405
|
-
'message number' => HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT::VALUE,
|
406
|
-
'service name' => service_name,
|
405
|
+
:'message number' => HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT::VALUE,
|
406
|
+
:'service name' => service_name,
|
407
407
|
}
|
408
408
|
payload = HrrRbSsh::Message::SSH_MSG_SERVICE_ACCEPT.encode message
|
409
409
|
send payload
|
410
410
|
end
|
411
411
|
|
412
412
|
def update_remote_algorithms message
|
413
|
-
@remote_kex_algorithms = message['kex_algorithms']
|
414
|
-
@remote_server_host_key_algorithms = message['server_host_key_algorithms']
|
415
|
-
@remote_encryption_algorithms_client_to_server = message['encryption_algorithms_client_to_server']
|
416
|
-
@remote_encryption_algorithms_server_to_client = message['encryption_algorithms_server_to_client']
|
417
|
-
@remote_mac_algorithms_client_to_server = message['mac_algorithms_client_to_server']
|
418
|
-
@remote_mac_algorithms_server_to_client = message['mac_algorithms_server_to_client']
|
419
|
-
@remote_compression_algorithms_client_to_server = message['compression_algorithms_client_to_server']
|
420
|
-
@remote_compression_algorithms_server_to_client = message['compression_algorithms_server_to_client']
|
413
|
+
@remote_kex_algorithms = message[:'kex_algorithms']
|
414
|
+
@remote_server_host_key_algorithms = message[:'server_host_key_algorithms']
|
415
|
+
@remote_encryption_algorithms_client_to_server = message[:'encryption_algorithms_client_to_server']
|
416
|
+
@remote_encryption_algorithms_server_to_client = message[:'encryption_algorithms_server_to_client']
|
417
|
+
@remote_mac_algorithms_client_to_server = message[:'mac_algorithms_client_to_server']
|
418
|
+
@remote_mac_algorithms_server_to_client = message[:'mac_algorithms_server_to_client']
|
419
|
+
@remote_compression_algorithms_client_to_server = message[:'compression_algorithms_client_to_server']
|
420
|
+
@remote_compression_algorithms_server_to_client = message[:'compression_algorithms_server_to_client']
|
421
421
|
end
|
422
422
|
|
423
423
|
def update_kex_and_server_host_key_algorithms
|
data/lib/hrr_rb_ssh/version.rb
CHANGED