hrr_rb_ssh 0.1.9 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +12 -2
- data/README.md +11 -9
- data/demo/echo_server.rb +50 -42
- data/demo/server.rb +81 -62
- data/demo/subsystem_echo_server.rb +54 -47
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp521 → algorithm/publickey/ecdsa_sha2}/ecdsa_signature_blob.rb +3 -3
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp256 → algorithm/publickey/ecdsa_sha2}/public_key_blob.rb +5 -6
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp256 → algorithm/publickey/ecdsa_sha2}/signature.rb +5 -5
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb +85 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256.rb +19 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384.rb +19 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521.rb +19 -0
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/signature.rb +4 -4
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_dss.rb +90 -0
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/public_key_blob.rb +3 -4
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/signature.rb +4 -4
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_rsa.rb +67 -0
- data/lib/hrr_rb_ssh/algorithm/publickey.rb +32 -0
- data/lib/hrr_rb_ssh/algorithm.rb +9 -0
- data/lib/hrr_rb_ssh/authentication/method/none/context.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password/context.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb +54 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb +31 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +2 -73
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +2 -55
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +3 -3
- data/lib/hrr_rb_ssh/authentication.rb +15 -15
- data/lib/hrr_rb_ssh/codable.rb +1 -1
- data/lib/hrr_rb_ssh/compat/openssh/public_key.rb +3 -40
- data/lib/hrr_rb_ssh/compat/ruby/array.rb +14 -0
- data/lib/hrr_rb_ssh/compat/ruby/openssl/bn.rb +20 -0
- data/lib/hrr_rb_ssh/compat/ruby/openssl.rb +4 -0
- data/lib/hrr_rb_ssh/compat/ruby/queue.rb +38 -0
- data/lib/hrr_rb_ssh/compat/ruby.rb +6 -0
- data/lib/hrr_rb_ssh/compat.rb +1 -63
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/forwarded_tcpip.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel.rb +22 -22
- data/lib/hrr_rb_ssh/connection/global_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler/reference_env_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler/reference_exec_request_handler.rb +3 -56
- data/lib/hrr_rb_ssh/connection/request_handler/reference_pty_req_request_handler.rb +50 -13
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +3 -56
- data/lib/hrr_rb_ssh/connection/request_handler/reference_window_change_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection.rb +40 -40
- data/lib/hrr_rb_ssh/data_type.rb +0 -3
- data/lib/hrr_rb_ssh/error/closed_authentication.rb +9 -0
- data/lib/hrr_rb_ssh/{closed_transport_error.rb → error/closed_connection.rb} +3 -1
- data/lib/hrr_rb_ssh/{closed_authentication_error.rb → error/closed_transport.rb} +3 -1
- data/lib/hrr_rb_ssh/error.rb +11 -0
- data/lib/hrr_rb_ssh/{closed_connection_error.rb → mode.rb} +3 -1
- data/lib/hrr_rb_ssh/server.rb +23 -0
- data/lib/hrr_rb_ssh/transport/compression_algorithm/functionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/compression_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb +3 -3
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +8 -48
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +11 -51
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +8 -48
- data/lib/hrr_rb_ssh/transport/kex_algorithm/iv_computable.rb +57 -0
- data/lib/hrr_rb_ssh/transport/mac_algorithm/functionable.rb +2 -2
- data/lib/hrr_rb_ssh/transport/mac_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/receiver.rb +1 -1
- data/lib/hrr_rb_ssh/transport/sender.rb +1 -1
- data/lib/hrr_rb_ssh/transport/sequence_number.rb +1 -1
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/functionable.rb +29 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +2 -50
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +2 -31
- data/lib/hrr_rb_ssh/transport.rb +83 -81
- data/lib/hrr_rb_ssh/version.rb +1 -1
- data/lib/hrr_rb_ssh.rb +4 -0
- metadata +32 -37
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +0 -30
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/transport/mode.rb +0 -11
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +0 -25
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +0 -25
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +0 -23
@@ -0,0 +1,19 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
module Algorithm
|
8
|
+
class Publickey
|
9
|
+
class EcdsaSha2Nistp384 < Publickey
|
10
|
+
NAME = 'ecdsa-sha2-nistp384'
|
11
|
+
DIGEST = 'sha384'
|
12
|
+
IDENTIFIER = 'nistp384'
|
13
|
+
CURVE_NAME = 'secp384r1'
|
14
|
+
|
15
|
+
include EcdsaSha2
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
module Algorithm
|
8
|
+
class Publickey
|
9
|
+
class EcdsaSha2Nistp521 < Publickey
|
10
|
+
NAME = 'ecdsa-sha2-nistp521'
|
11
|
+
DIGEST = 'sha512'
|
12
|
+
IDENTIFIER = 'nistp521'
|
13
|
+
CURVE_NAME = 'secp521r1'
|
14
|
+
|
15
|
+
include EcdsaSha2
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -5,15 +5,15 @@ require 'hrr_rb_ssh/data_type'
|
|
5
5
|
require 'hrr_rb_ssh/codable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
|
-
|
9
|
-
class
|
8
|
+
module Algorithm
|
9
|
+
class Publickey
|
10
10
|
class SshDss
|
11
11
|
module PublicKeyBlob
|
12
12
|
class << self
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, :'
|
16
|
+
[DataType::String, :'public key algorithm name'],
|
17
17
|
[DataType::Mpint, :'p'],
|
18
18
|
[DataType::Mpint, :'q'],
|
19
19
|
[DataType::Mpint, :'g'],
|
data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/signature.rb
RENAMED
@@ -5,16 +5,16 @@ require 'hrr_rb_ssh/data_type'
|
|
5
5
|
require 'hrr_rb_ssh/codable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
|
-
|
9
|
-
class
|
8
|
+
module Algorithm
|
9
|
+
class Publickey
|
10
10
|
class SshDss
|
11
11
|
module Signature
|
12
12
|
class << self
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, :'
|
17
|
-
[DataType::String, :'
|
16
|
+
[DataType::String, :'public key algorithm name'],
|
17
|
+
[DataType::String, :'signature blob'],
|
18
18
|
]
|
19
19
|
end
|
20
20
|
end
|
@@ -0,0 +1,90 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
module Algorithm
|
8
|
+
class Publickey
|
9
|
+
class SshDss < Publickey
|
10
|
+
NAME = 'ssh-dss'
|
11
|
+
DIGEST = 'sha1'
|
12
|
+
|
13
|
+
def initialize arg
|
14
|
+
begin
|
15
|
+
new_by_key_str arg
|
16
|
+
rescue OpenSSL::PKey::DSAError
|
17
|
+
new_by_public_key_blob arg
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def new_by_key_str key_str
|
22
|
+
@publickey = OpenSSL::PKey::DSA.new(key_str)
|
23
|
+
end
|
24
|
+
|
25
|
+
def new_by_public_key_blob public_key_blob
|
26
|
+
public_key_blob_h = PublicKeyBlob.decode(public_key_blob)
|
27
|
+
@publickey = OpenSSL::PKey::DSA.new
|
28
|
+
if @publickey.respond_to?(:set_pqg)
|
29
|
+
@publickey.set_pqg public_key_blob_h[:'p'], public_key_blob_h[:'q'], public_key_blob_h[:'g']
|
30
|
+
else
|
31
|
+
@publickey.p = public_key_blob_h[:'p']
|
32
|
+
@publickey.q = public_key_blob_h[:'q']
|
33
|
+
@publickey.g = public_key_blob_h[:'g']
|
34
|
+
end
|
35
|
+
if @publickey.respond_to?(:set_key)
|
36
|
+
@publickey.set_key public_key_blob_h[:'y'], nil
|
37
|
+
else
|
38
|
+
@publickey.pub_key = public_key_blob_h[:'y']
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def to_pem
|
43
|
+
@publickey.public_key.to_pem
|
44
|
+
end
|
45
|
+
|
46
|
+
def to_public_key_blob
|
47
|
+
public_key_blob_h = {
|
48
|
+
:'public key algorithm name' => self.class::NAME,
|
49
|
+
:'p' => @publickey.p.to_i,
|
50
|
+
:'q' => @publickey.q.to_i,
|
51
|
+
:'g' => @publickey.g.to_i,
|
52
|
+
:'y' => @publickey.pub_key.to_i,
|
53
|
+
}
|
54
|
+
PublicKeyBlob.encode(public_key_blob_h)
|
55
|
+
end
|
56
|
+
|
57
|
+
def sign signature_blob
|
58
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
|
59
|
+
sign_der = @publickey.syssign(hash)
|
60
|
+
sign_asn1 = OpenSSL::ASN1.decode(sign_der)
|
61
|
+
sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
|
62
|
+
sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
|
63
|
+
signature_h = {
|
64
|
+
:'public key algorithm name' => self.class::NAME,
|
65
|
+
:'signature blob' => (sign_r + sign_s),
|
66
|
+
}
|
67
|
+
Signature.encode signature_h
|
68
|
+
end
|
69
|
+
|
70
|
+
def verify signature, signature_blob
|
71
|
+
signature_h = Signature.decode signature
|
72
|
+
sign_r = signature_h[:'signature blob'][ 0, 20]
|
73
|
+
sign_s = signature_h[:'signature blob'][20, 20]
|
74
|
+
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
75
|
+
[
|
76
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
|
77
|
+
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
|
78
|
+
]
|
79
|
+
)
|
80
|
+
sign_der = sign_asn1.to_der
|
81
|
+
hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
|
82
|
+
signature_h[:'public key algorithm name'] == self.class::NAME && @publickey.sysverify(hash, sign_der)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
require 'hrr_rb_ssh/algorithm/publickey/ssh_dss/public_key_blob'
|
90
|
+
require 'hrr_rb_ssh/algorithm/publickey/ssh_dss/signature'
|
@@ -5,15 +5,15 @@ require 'hrr_rb_ssh/data_type'
|
|
5
5
|
require 'hrr_rb_ssh/codable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
|
-
|
9
|
-
class
|
8
|
+
module Algorithm
|
9
|
+
class Publickey
|
10
10
|
class SshRsa
|
11
11
|
module PublicKeyBlob
|
12
12
|
class << self
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, :'
|
16
|
+
[DataType::String, :'public key algorithm name'],
|
17
17
|
[DataType::Mpint, :'e'],
|
18
18
|
[DataType::Mpint, :'n'],
|
19
19
|
]
|
@@ -22,4 +22,3 @@ module HrrRbSsh
|
|
22
22
|
end
|
23
23
|
end
|
24
24
|
end
|
25
|
-
|
data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/signature.rb
RENAMED
@@ -5,16 +5,16 @@ require 'hrr_rb_ssh/data_type'
|
|
5
5
|
require 'hrr_rb_ssh/codable'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
|
-
|
9
|
-
class
|
8
|
+
module Algorithm
|
9
|
+
class Publickey
|
10
10
|
class SshRsa
|
11
11
|
module Signature
|
12
12
|
class << self
|
13
13
|
include Codable
|
14
14
|
end
|
15
15
|
DEFINITION = [
|
16
|
-
[DataType::String, :'
|
17
|
-
[DataType::String, :'
|
16
|
+
[DataType::String, :'public key algorithm name'],
|
17
|
+
[DataType::String, :'signature blob'],
|
18
18
|
]
|
19
19
|
end
|
20
20
|
end
|
@@ -0,0 +1,67 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'hrr_rb_ssh/logger'
|
5
|
+
|
6
|
+
module HrrRbSsh
|
7
|
+
module Algorithm
|
8
|
+
class Publickey
|
9
|
+
class SshRsa < Publickey
|
10
|
+
NAME = 'ssh-rsa'
|
11
|
+
DIGEST = 'sha1'
|
12
|
+
|
13
|
+
def initialize arg
|
14
|
+
begin
|
15
|
+
new_by_key_str arg
|
16
|
+
rescue OpenSSL::PKey::RSAError
|
17
|
+
new_by_public_key_blob arg
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def new_by_key_str key_str
|
22
|
+
@publickey = OpenSSL::PKey::RSA.new(key_str)
|
23
|
+
end
|
24
|
+
|
25
|
+
def new_by_public_key_blob public_key_blob
|
26
|
+
public_key_blob_h = PublicKeyBlob.decode(public_key_blob)
|
27
|
+
@publickey = OpenSSL::PKey::RSA.new
|
28
|
+
if @publickey.respond_to?(:set_key)
|
29
|
+
@publickey.set_key public_key_blob_h[:'n'], public_key_blob_h[:'e'], nil
|
30
|
+
else
|
31
|
+
@publickey.n = public_key_blob_h[:'n']
|
32
|
+
@publickey.e = public_key_blob_h[:'e']
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def to_pem
|
37
|
+
@publickey.public_key.to_pem
|
38
|
+
end
|
39
|
+
|
40
|
+
def to_public_key_blob
|
41
|
+
public_key_blob_h = {
|
42
|
+
:'public key algorithm name' => self.class::NAME,
|
43
|
+
:'e' => @publickey.e.to_i,
|
44
|
+
:'n' => @publickey.n.to_i,
|
45
|
+
}
|
46
|
+
PublicKeyBlob.encode(public_key_blob_h)
|
47
|
+
end
|
48
|
+
|
49
|
+
def sign signature_blob
|
50
|
+
signature_h = {
|
51
|
+
:'public key algorithm name' => self.class::NAME,
|
52
|
+
:'signature blob' => @publickey.sign(self.class::DIGEST, signature_blob),
|
53
|
+
}
|
54
|
+
Signature.encode signature_h
|
55
|
+
end
|
56
|
+
|
57
|
+
def verify signature, signature_blob
|
58
|
+
signature_h = Signature.decode signature
|
59
|
+
signature_h[:'public key algorithm name'] == self.class::NAME && @publickey.verify(self.class::DIGEST, signature_h[:'signature blob'], signature_blob)
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa/public_key_blob'
|
67
|
+
require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa/signature'
|
@@ -0,0 +1,32 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
module HrrRbSsh
|
5
|
+
module Algorithm
|
6
|
+
class Publickey
|
7
|
+
@subclass_list = Array.new
|
8
|
+
class << self
|
9
|
+
def inherited klass
|
10
|
+
@subclass_list.push klass if @subclass_list
|
11
|
+
end
|
12
|
+
|
13
|
+
def [] key
|
14
|
+
__subclass_list__(__method__).find{ |klass| klass::NAME == key }
|
15
|
+
end
|
16
|
+
|
17
|
+
def __subclass_list__ method_name
|
18
|
+
send(:method_missing, method_name) unless @subclass_list
|
19
|
+
@subclass_list
|
20
|
+
end
|
21
|
+
|
22
|
+
private :__subclass_list__
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
require 'hrr_rb_ssh/algorithm/publickey/ssh_dss'
|
29
|
+
require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa'
|
30
|
+
require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256'
|
31
|
+
require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384'
|
32
|
+
require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521'
|
@@ -11,7 +11,7 @@ module HrrRbSsh
|
|
11
11
|
PREFERENCE = 0
|
12
12
|
|
13
13
|
def initialize options
|
14
|
-
@logger =
|
14
|
+
@logger = Logger.new(self.class.name)
|
15
15
|
@authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new { false } )
|
16
16
|
end
|
17
17
|
|
@@ -11,7 +11,7 @@ module HrrRbSsh
|
|
11
11
|
PREFERENCE = 10
|
12
12
|
|
13
13
|
def initialize options
|
14
|
-
@logger =
|
14
|
+
@logger = Logger.new(self.class.name)
|
15
15
|
@authenticator = options.fetch( 'authentication_password_authenticator', Authenticator.new { false } )
|
16
16
|
end
|
17
17
|
|
@@ -1,8 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
5
|
-
require 'hrr_rb_ssh/data_type'
|
4
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
|
6
5
|
|
7
6
|
module HrrRbSsh
|
8
7
|
class Authentication
|
@@ -12,73 +11,11 @@ module HrrRbSsh
|
|
12
11
|
class EcdsaSha2Nistp256 < Algorithm
|
13
12
|
NAME = 'ecdsa-sha2-nistp256'
|
14
13
|
PREFERENCE = 30
|
15
|
-
DIGEST = 'sha256'
|
16
|
-
IDENTIFIER = 'nistp256'
|
17
|
-
CURVE_NAME = 'prime256v1'
|
18
14
|
|
19
|
-
|
20
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
21
|
-
end
|
22
|
-
|
23
|
-
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
24
|
-
public_key = case public_key
|
25
|
-
when String
|
26
|
-
OpenSSL::PKey::EC.new(public_key)
|
27
|
-
when OpenSSL::PKey::EC
|
28
|
-
public_key
|
29
|
-
else
|
30
|
-
return false
|
31
|
-
end
|
32
|
-
public_key_message = {
|
33
|
-
:'public key algorithm name' => public_key_algorithm_name,
|
34
|
-
:'[identifier]' => self.class::IDENTIFIER,
|
35
|
-
:'Q' => public_key.public_key.to_bn.to_s(2)
|
36
|
-
}
|
37
|
-
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
38
|
-
end
|
39
|
-
|
40
|
-
def verify_signature session_id, message
|
41
|
-
signature_message = Signature.decode message[:'signature']
|
42
|
-
signature_algorithm = signature_message[:'public key algorithm name']
|
43
|
-
signature_blob = signature_message[:'signature blob']
|
44
|
-
|
45
|
-
public_key = PublicKeyBlob.decode message[:'public key blob']
|
46
|
-
algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
47
|
-
algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
|
48
|
-
|
49
|
-
data_message = {
|
50
|
-
:'session identifier' => session_id,
|
51
|
-
:'message number' => message[:'message number'],
|
52
|
-
:'user name' => message[:'user name'],
|
53
|
-
:'service name' => message[:'service name'],
|
54
|
-
:'method name' => message[:'method name'],
|
55
|
-
:'with signature' => message[:'with signature'],
|
56
|
-
:'public key algorithm name' => message[:'public key algorithm name'],
|
57
|
-
:'public key blob' => message[:'public key blob'],
|
58
|
-
}
|
59
|
-
data_blob = SignatureBlob.encode data_message
|
60
|
-
|
61
|
-
hash = OpenSSL::Digest.digest(DIGEST, data_blob)
|
62
|
-
ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
|
63
|
-
sign_r = ecdsa_signature_blob[:'r']
|
64
|
-
sign_s = ecdsa_signature_blob[:'s']
|
65
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
66
|
-
[
|
67
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
|
68
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
|
69
|
-
]
|
70
|
-
)
|
71
|
-
sign_der = sign_asn1.to_der
|
72
|
-
(signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
-
end
|
15
|
+
include Functionable
|
74
16
|
end
|
75
17
|
end
|
76
18
|
end
|
77
19
|
end
|
78
20
|
end
|
79
21
|
end
|
80
|
-
|
81
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob'
|
82
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob'
|
83
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature'
|
84
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob'
|
@@ -1,8 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
5
|
-
require 'hrr_rb_ssh/data_type'
|
4
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
|
6
5
|
|
7
6
|
module HrrRbSsh
|
8
7
|
class Authentication
|
@@ -12,73 +11,11 @@ module HrrRbSsh
|
|
12
11
|
class EcdsaSha2Nistp384 < Algorithm
|
13
12
|
NAME = 'ecdsa-sha2-nistp384'
|
14
13
|
PREFERENCE = 40
|
15
|
-
DIGEST = 'sha384'
|
16
|
-
IDENTIFIER = 'nistp384'
|
17
|
-
CURVE_NAME = 'secp384r1'
|
18
14
|
|
19
|
-
|
20
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
21
|
-
end
|
22
|
-
|
23
|
-
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
24
|
-
public_key = case public_key
|
25
|
-
when String
|
26
|
-
OpenSSL::PKey::EC.new(public_key)
|
27
|
-
when OpenSSL::PKey::EC
|
28
|
-
public_key
|
29
|
-
else
|
30
|
-
return false
|
31
|
-
end
|
32
|
-
public_key_message = {
|
33
|
-
:'public key algorithm name' => public_key_algorithm_name,
|
34
|
-
:'[identifier]' => self.class::IDENTIFIER,
|
35
|
-
:'Q' => public_key.public_key.to_bn.to_s(2)
|
36
|
-
}
|
37
|
-
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
38
|
-
end
|
39
|
-
|
40
|
-
def verify_signature session_id, message
|
41
|
-
signature_message = Signature.decode message[:'signature']
|
42
|
-
signature_algorithm = signature_message[:'public key algorithm name']
|
43
|
-
signature_blob = signature_message[:'signature blob']
|
44
|
-
|
45
|
-
public_key = PublicKeyBlob.decode message[:'public key blob']
|
46
|
-
algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
47
|
-
algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
|
48
|
-
|
49
|
-
data_message = {
|
50
|
-
:'session identifier' => session_id,
|
51
|
-
:'message number' => message[:'message number'],
|
52
|
-
:'user name' => message[:'user name'],
|
53
|
-
:'service name' => message[:'service name'],
|
54
|
-
:'method name' => message[:'method name'],
|
55
|
-
:'with signature' => message[:'with signature'],
|
56
|
-
:'public key algorithm name' => message[:'public key algorithm name'],
|
57
|
-
:'public key blob' => message[:'public key blob'],
|
58
|
-
}
|
59
|
-
data_blob = SignatureBlob.encode data_message
|
60
|
-
|
61
|
-
hash = OpenSSL::Digest.digest(DIGEST, data_blob)
|
62
|
-
ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
|
63
|
-
sign_r = ecdsa_signature_blob[:'r']
|
64
|
-
sign_s = ecdsa_signature_blob[:'s']
|
65
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
66
|
-
[
|
67
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
|
68
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
|
69
|
-
]
|
70
|
-
)
|
71
|
-
sign_der = sign_asn1.to_der
|
72
|
-
(signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
-
end
|
15
|
+
include Functionable
|
74
16
|
end
|
75
17
|
end
|
76
18
|
end
|
77
19
|
end
|
78
20
|
end
|
79
21
|
end
|
80
|
-
|
81
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob'
|
82
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob'
|
83
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature'
|
84
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob'
|
@@ -1,8 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
5
|
-
require 'hrr_rb_ssh/data_type'
|
4
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
|
6
5
|
|
7
6
|
module HrrRbSsh
|
8
7
|
class Authentication
|
@@ -12,73 +11,11 @@ module HrrRbSsh
|
|
12
11
|
class EcdsaSha2Nistp521 < Algorithm
|
13
12
|
NAME = 'ecdsa-sha2-nistp521'
|
14
13
|
PREFERENCE = 50
|
15
|
-
DIGEST = 'sha512'
|
16
|
-
IDENTIFIER = 'nistp521'
|
17
|
-
CURVE_NAME = 'secp521r1'
|
18
14
|
|
19
|
-
|
20
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
21
|
-
end
|
22
|
-
|
23
|
-
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
24
|
-
public_key = case public_key
|
25
|
-
when String
|
26
|
-
OpenSSL::PKey::EC.new(public_key)
|
27
|
-
when OpenSSL::PKey::EC
|
28
|
-
public_key
|
29
|
-
else
|
30
|
-
return false
|
31
|
-
end
|
32
|
-
public_key_message = {
|
33
|
-
:'public key algorithm name' => public_key_algorithm_name,
|
34
|
-
:'[identifier]' => self.class::IDENTIFIER,
|
35
|
-
:'Q' => public_key.public_key.to_bn.to_s(2)
|
36
|
-
}
|
37
|
-
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
38
|
-
end
|
39
|
-
|
40
|
-
def verify_signature session_id, message
|
41
|
-
signature_message = Signature.decode message[:'signature']
|
42
|
-
signature_algorithm = signature_message[:'public key algorithm name']
|
43
|
-
signature_blob = signature_message[:'signature blob']
|
44
|
-
|
45
|
-
public_key = PublicKeyBlob.decode message[:'public key blob']
|
46
|
-
algorithm = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
47
|
-
algorithm.public_key = OpenSSL::PKey::EC::Point.new(algorithm.group, OpenSSL::BN.new(public_key[:'Q'], 2))
|
48
|
-
|
49
|
-
data_message = {
|
50
|
-
:'session identifier' => session_id,
|
51
|
-
:'message number' => message[:'message number'],
|
52
|
-
:'user name' => message[:'user name'],
|
53
|
-
:'service name' => message[:'service name'],
|
54
|
-
:'method name' => message[:'method name'],
|
55
|
-
:'with signature' => message[:'with signature'],
|
56
|
-
:'public key algorithm name' => message[:'public key algorithm name'],
|
57
|
-
:'public key blob' => message[:'public key blob'],
|
58
|
-
}
|
59
|
-
data_blob = SignatureBlob.encode data_message
|
60
|
-
|
61
|
-
hash = OpenSSL::Digest.digest(DIGEST, data_blob)
|
62
|
-
ecdsa_signature_blob = EcdsaSignatureBlob.decode signature_blob
|
63
|
-
sign_r = ecdsa_signature_blob[:'r']
|
64
|
-
sign_s = ecdsa_signature_blob[:'s']
|
65
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
66
|
-
[
|
67
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r)),
|
68
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s)),
|
69
|
-
]
|
70
|
-
)
|
71
|
-
sign_der = sign_asn1.to_der
|
72
|
-
(signature_algorithm == message[:'public key algorithm name']) && algorithm.dsa_verify_asn1(hash, sign_der)
|
73
|
-
end
|
15
|
+
include Functionable
|
74
16
|
end
|
75
17
|
end
|
76
18
|
end
|
77
19
|
end
|
78
20
|
end
|
79
21
|
end
|
80
|
-
|
81
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob'
|
82
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob'
|
83
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature'
|
84
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob'
|